ast-grep
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for using the
ast-grepcommand-line tool to perform structural matching on codebases. It includes examples of runningast-grep runandast-grep scanwith various parameters to find specific code constructs.\n- [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection as it involves processing external code from user-defined project directories.\n - Ingestion points: Source code files read by the
ast-greptool from the local filesystem during a search operation.\n - Boundary markers: No explicit delimiters or instructions are provided to distinguish codebase content from agent instructions during the analysis of search results.\n
- Capability inventory: The skill leverages the
ast-grepCLI for structural search and encourages creating temporary files for testing rules.\n - Sanitization: There is no evidence of content sanitization or filtering for the code snippets matched by the search rules before they are processed by the agent.
Audit Metadata