ast-grep
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands using the ast-grep CLI tool. It suggests using --inline-rules and piping input via stdin, which incorporates user-provided patterns and rule definitions directly into shell command strings. This pattern creates a command injection surface if the agent does not properly escape the inputs.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it translates natural language queries into executable structural search rules.
  - Ingestion points: Natural language user queries and searched codebases (SKILL.md).
  - Boundary markers: No delimiters or explicit instructions are provided to isolate user content from the rule logic.
  - Capability inventory: Execution of ast-grep CLI commands for structural code analysis (SKILL.md).
  - Sanitization: The skill mentions escaping metavariables for shell syntax compatibility but lacks security-focused sanitization or validation of the generated rule components.
Audit Metadata