ast-grep
Pass
Audited by Gen Agent Trust Hub on Jun 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
install.shandinstall.ps1scripts download theast-grepbinary from its official GitHub releases page (github.com/ast-grep/ast-grep) as a fallback when system package managers like brew, npm, or cargo are unavailable. - [COMMAND_EXECUTION]: The
scripts/ast_grep_helper.pyscript executes theast-grep(sg) binary usingsubprocess.runto perform structural searches and file modifications. The commands are constructed using argument lists rather than shell strings, mitigating command injection risks. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it reads and processes external source code that could contain malicious instructions designed to influence the agent. Ingestion points: Any source code file within the directories scanned by the tool. Boundary markers: None; matched code segments are returned directly to the agent's context as plain text or JSON. Capability inventory: The skill can read local files, execute the
ast-grepbinary via subprocess, and perform file writes when the--applyflag is used. Sanitization: The helper script parses the raw output from the binary and reformats it, providing a structural layer between the raw source data and the agent.
Audit Metadata