sg
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
ast-grep(orsg) command-line utility. The provided patterns include searching local directories (src/,./) and performing automated code refactoring using the--rewriteand-U(update) flags, which modifies local files. - [INDIRECT_PROMPT_INJECTION]: The skill defines a workflow for processing untrusted data in the form of local source code.
- Ingestion points: The
ast-greptool reads content from files within the local repository (e.g.,src/,agent/extensions/). - Boundary markers: No specific delimiters or safety instructions are provided to the agent to treat content within these files as untrusted or to ignore embedded instructions.
- Capability inventory: The agent has the capability to execute shell commands (
ast-grep) and modify the local filesystem based on the analysis of this code. - Sanitization: No explicit sanitization or validation of the processed source code is performed.
Audit Metadata