Skills
NYC
skills/trailofbits/skills/semgrep-rule-variant-creator/Gen Agent Trust Hub

semgrep-rule-variant-creator

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted data and possesses powerful tool capabilities.\n
  • Ingestion points: Existing Semgrep rules are read as input from files or raw content as defined in SKILL.md.\n
  • Boundary markers: No delimiters or safety instructions are present to prevent the agent from obeying instructions embedded in the input rules.\n
  • Capability inventory: The skill uses the Bash tool to run semgrep and has Write and Edit permissions for file system modification.\n
  • Sanitization: No validation or sanitization of the input rule content is performed before processing.\n- [Dynamic Execution] (MEDIUM): The skill implements a pattern of script generation and execution (Category 10).\n
  • Evidence: The skill creates new .yaml and source files and then executes the semgrep CLI against them via the Bash tool. This increases the risk if the generated content is derived from untrusted input.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 08:32 PM