semgrep-rule-creator

Pass

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection due to its use of WebFetch to ingest external documentation.
    • Ingestion points: The Documentation section in SKILL.md requires the agent to fetch content from several external URLs (semgrep.dev, github.com, appsec.guide).
    • Boundary markers: There are no explicit instructions to the agent to treat the fetched content as untrusted or to ignore embedded instructions within that content.
    • Capability inventory: The skill uses Bash, Write, and Edit tools, allowing it to execute arbitrary commands and modify the local filesystem.
    • Sanitization: No explicit sanitization or validation of the web content is performed before it is used to influence rule generation.
  • Command Execution (SAFE): The skill uses the Bash tool to run legitimate Semgrep commands (semgrep --test, semgrep --dump-ast). These are necessary for the skill's primary function of validating static analysis rules.
  • External Downloads (SAFE): The skill fetches documentation from trusted sources (semgrep.dev, github.com). Per [TRUST-SCOPE-RULE], these references are considered low risk as they are targeted at well-known documentation repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 18, 2026, 05:43 PM