semgrep
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the 'semgrep' package from PyPI, Homebrew, and Docker Hub, which are trusted sources for this tool.
- [COMMAND_EXECUTION]: The skill uses shell commands like 'pip install' and 'semgrep scan' to perform its primary function of code analysis.
- [PROMPT_INJECTION]: The skill processes untrusted content such as source code and error logs (Ingestion: SKILL.md), lacks boundary markers or input sanitization, and possesses command execution capabilities (Capability: SKILL.md), which constitutes a surface for indirect prompt injection.
Audit Metadata