ast-grep
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
ast-grepCLI through well-known services including Homebrew, Cargo, and npm (@ast-grep/cli), as well as the official project repository on GitHub. - [PROMPT_INJECTION]: The skill processes untrusted local code through structural search, which constitutes a surface for indirect prompt injection.
- Ingestion points: Local project files searched via
ast-grep scanandast-grep runcommands. - Boundary markers: Absent for the tool's output; however, the skill mandates a strict six-step verification protocol requiring the agent to test rules individually before production use.
- Capability inventory: Bash (CLI execution), Read (file access), and Write (file modification).
- Sanitization: The instructions emphasize the need to escape metavariables ($VAR) in shell commands to ensure command integrity.
Audit Metadata