skills/tentacle-pro/skills/ast-grep/Gen Agent Trust Hub

ast-grep

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes ast-grep CLI commands for structural code searching and AST analysis. This includes writing temporary code and rule files to the local filesystem and executing search subcommands such as scan and run.
  • [PROMPT_INJECTION]: The skill processes external codebase content, which introduces a surface for indirect prompt injection.
      • Ingestion points: Source code files from the target project directory are read and analyzed by the ast-grep tool.
      • Boundary markers: No explicit delimiters or instructions are provided to separate the analyzed codebase content from the agent's internal instructions.
      • Capability inventory: The skill utilizes command execution for searching and file system read access for code analysis.
      • Sanitization: The skill does not perform any sanitization or validation of the codebase content being processed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 05:44 AM