The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute the ast-grep (sg) command-line utility for structural code analysis and transformation. This execution is confined to the skill's primary purpose of code exploration and refactoring.
[EXTERNAL_DOWNLOADS]: The documentation and examples provide instructions for installing the ast-grep CLI through trusted package managers such as npm, Homebrew, and Cargo. These sources are official and well-known technology registries.
[SAFE]: The skill includes numerous security rules (e.g., in the rules/security/ directory) designed to detect vulnerabilities like SQL injection, Cross-Site Scripting (XSS), and hardcoded credentials. These are static analysis patterns and do not contain malicious payloads or logic.
[SAFE]: It implements context-aware documentation fetching using the mcp__context7 interface to retrieve information from official ast-grep documentation sites, ensuring the agent uses verified and up-to-date reference material.
[SAFE]: The skill processes local source code files to perform its analysis. While this presents a surface for indirect prompt injection via code comments, the use of a structural pattern-matching engine (ast-grep) rather than direct execution of the content significantly reduces this risk.

moai-tool-ast-grep