ast-grep
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses the legitimate ast-grep CLI for code analysis and provides comprehensive documentation on its usage. There is no evidence of malicious intent or unauthorized actions.
- [PROMPT_INJECTION]: The skill's ingestion of codebase data via
ast-grep scanandast-grep runrepresents a potential Indirect Prompt Injection surface. However, since the tool is used for structural analysis rather than code execution, the risk is mitigated. - Ingestion points: codebase files analyzed by
ast-grep. - Boundary markers: ast-grep rule patterns and metavariables define structural boundaries.
- Capability inventory: Structural read access to project files via AST parsing.
- Sanitization: Instructions emphasize shell escaping for metavariables to ensure proper command interpretation.
Audit Metadata