Skills
skills/vchirrav/product-security-ai-skills/sast-semgrep/Gen Agent Trust Hub

sast-semgrep

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill executes semgrep commands via the shell. This is necessary for operation but introduces a risk of shell injection if the <target-path> variable is manipulated with malicious characters.
  • [EXTERNAL_DOWNLOADS] (LOW): The skill requires the semgrep Python package. The installation of external packages not included in the trusted source list is normally a MEDIUM finding, but is downgraded here because it is the primary purpose of the skill.
  • [PROMPT_INJECTION] (LOW): The skill parses and summarizes output from scanned codebases, which creates a surface for indirect prompt injection if the scanned code contains malicious instructions intended to mislead the security agent.
  • Ingestion points: Code files located at the user-specified <target-path>.
  • Boundary markers: None specified to distinguish untrusted code results from agent instructions.
  • Capability inventory: Shell execution (semgrep scan) and file system access for results.
  • Sanitization: No sanitization is performed on scan results before they are summarized by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:44 PM