tree-sitter
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill instructs the agent to perform
git clonefromgithub.com/tree-sitter/andgithub.com/tree-sitter-grammars/to install language grammars. While these are the standard sources for the tree-sitter tool, the organizations are not on the predefined trusted list. Severity is downgraded to LOW as this is core to the skill's setup purpose.\n- COMMAND_EXECUTION (SAFE): The skill executes thetree-sitterCLI to parse files and run queries. This behavior is the primary intended function and does not involve arbitrary or malicious shell commands.\n- INDIRECT_PROMPT_INJECTION (LOW): \n - Ingestion points: The skill reads and parses external source code files via
tree-sitter parseandtree-sitter query.\n - Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded within the code being analyzed.\n
- Capability inventory: The agent can execute CLI tools and read the file system.\n
- Sanitization: Absent. The agent processes raw AST and query output which could contain text from malicious code comments designed to influence agent behavior.
Audit Metadata