ast-grep
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for utilizing the
ast-grepCLI for syntax-aware code searches. No malicious behavior, obfuscation, or unauthorized data access patterns were detected. - [COMMAND_EXECUTION]: The skill utilizes the
Bashtool to run search and debugging commands. The provided documentation explicitly guides the agent on safe shell quoting practices (such as using PowerShell here-strings and POSIX single quotes) to prevent command construction errors. - [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted repository data, which constitutes an indirect prompt injection surface. However, the risk is significantly mitigated by the skill's mandatory 'Workflow' which requires the creation of tiny fixtures and validation of rules in isolation before scanning the main repository.
- [EXTERNAL_DOWNLOADS]: The skill assumes that necessary tools like
ast-greporrgare already present in the execution environment. It does not attempt to download or execute remote scripts or unverified third-party packages.
Audit Metadata