ast-grep-find
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external source code, which constitutes a major attack surface. Evidence: (1) Ingestion points: Reads from the local filesystem via the --path and --glob parameters. (2) Boundary markers: No delimiters or instructions to ignore embedded code/comments are present. (3) Capability inventory: Permitted tools include Bash and Read, with the functional ability to modify code via --replace. (4) Sanitization: Cannot be verified because the primary execution script scripts/ast_grep_find.py is not included.
- [Command Execution] (MEDIUM): The skill executes shell commands via uv run python. Because the underlying script is missing, it is impossible to determine whether user-provided patterns or replacement strings are properly escaped to prevent shell injection.
- [Remote Code Execution] (MEDIUM): The skill depends on an external MCP server (ast-grep) and a local script (scripts/ast_grep_find.py) that is not provided, creating an unverifiable and potentially dangerous execution chain.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE