setup-ast
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Downloads language grammars from the official tree-sitter organization's GitHub repositories.
- [EXTERNAL_DOWNLOADS]: Fetches community-maintained language grammars from non-verified third-party repositories (e.g., alex-pinkus/tree-sitter-swift, fwcd/tree-sitter-kotlin).
- [COMMAND_EXECUTION]: Modifies user shell configuration files like ~/.zshrc and ~/.bashrc to persist the TREE_SITTER_GRAMMAR_DIR environment variable.
- [COMMAND_EXECUTION]: Executes package management commands (brew install, cargo install) to set up the tree-sitter CLI on the local system.
- [PROMPT_INJECTION]: Identifies an attack surface for indirect prompt injection via external repository cloning.
  1. Ingestion points: Multiple git clone operations for grammar repositories in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution (bash, git, brew, cargo) and file writing capabilities throughout SKILL.md.
  4. Sanitization: Absent.
Audit Metadata