ast-grep
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- NO_CODE (SAFE): The skill package consists exclusively of Markdown documentation and reference materials. No executable scripts, binaries, or library dependencies are included.
- PROMPT_INJECTION (LOW): The skill defines a workflow with an inherent indirect prompt injection surface (Category 8). 1. Ingestion points: Local source code files and YAML rule configurations (e.g.,
sgconfig.yml) parsed by theast-greptool at runtime. 2. Boundary markers: No delimiters or instructions to ignore embedded directives are specified for the agent when interpreting scanned code. 3. Capability inventory: The tool provides powerful structural search and code modification capabilities (rewriting). 4. Sanitization: No sanitization or validation of processed code content is described in the reference files before interpretation.
Audit Metadata