skills/ulpi-io/skills/ast-grep/Gen Agent Trust Hub

ast-grep

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for the installation of the ast-grep CLI tool from trusted and well-known sources, including npm (@ast-grep/cli), Homebrew, Cargo, and official GitHub releases.
  • [COMMAND_EXECUTION]: Uses the Bash tool to execute ast-grep for version verification, testing rules against code snippets via stdin, and performing structural searches across the codebase.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes code content and user patterns that are dynamically interpolated into shell commands.
    • Ingestion points: Processes source code from files and user-provided snippets during the search and testing phases.
    • Boundary markers: Recommends using stopBy: end in relational rules to delimit search depth and provides guidance on escaping shell metavariables.
    • Capability inventory: Utilizes Bash for command execution, Read for file access, and Write for temporary file management.
    • Sanitization: Advises escaping the $ character (e.g., \$VAR) to prevent shell variable expansion, though it does not explicitly address other shell injection characters.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 08:15 AM