ast-index
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary via a Homebrew tap (brew tap defendend/ast-index and brew install ast-index). This is a standard installation method for the tool provided by the vendor.
- [COMMAND_EXECUTION]: The skill functions by executing various subcommands of the ast-index CLI to perform code analysis, search, and indexing operations.
- [DATA_EXPOSURE]: The tool indexes the local codebase and stores the resulting metadata in a SQLite database located in the user's cache directory (~/Library/Caches/ast-index/ or ~/.cache/ast-index/).
- [PERSISTENCE]: Includes a command (ast-index install-claude-plugin) that installs a plugin to the user's ~/.claude/plugins/ directory to integrate the tool with the AI agent environment.
- [INDIRECT_PROMPT_INJECTION]: As the tool is designed to read and process arbitrary codebase content, it possesses an inherent surface for indirect prompt injection. Malicious instructions embedded in source code files could theoretically influence agent behavior during search results processing.
  - Ingestion points: All files within the project root being indexed.
  - Boundary markers: None explicitly defined in the prompt instructions to distinguish code content from instructions.
  - Capability inventory: Execution of ast-index CLI commands, file system reads, and writing to the plugin directory.
  - Sanitization: No explicit sanitization of codebase content before presentation to the agent is mentioned.