ast-grep-code-analysis
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install the `@ast-grep/cli` package globally via `npm`. This involves downloading and installing third-party software from a non-whitelisted source at runtime.
- [COMMAND_EXECUTION] (LOW): The skill relies on the agent's ability to execute shell commands, including `npm install`, `ast-grep init`, and `ast-grep run`. While necessary for the tool's function, these represent a capability surface that can be abused.
- [PROMPT_INJECTION] (HIGH): High vulnerability to Indirect Prompt Injection (Category 8).
  - Ingestion points: The skill is designed to ingest and parse external codebases from the local filesystem (SKILL.md).
  - Boundary markers: There are no explicit delimiters or instructions to the agent to ignore natural language commands found within the code comments or strings of the analyzed files.
  - Capability inventory: The agent is granted shell command execution capabilities to install and run analysis tools.
  - Sanitization: No sanitization or filtering is performed on the content of the codebase before it is presented to or processed by the agent, allowing malicious instructions in the code to influence the agent's reasoning.
Recommendations
- AI detected serious security threats
Audit Metadata