tree-sitting

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill's behavior is consistent with its stated purpose of providing AST-based code exploration and navigation.\n- [COMMAND_EXECUTION]: The skill uses ctypes.CDLL in scripts/engine.py to load pre-compiled tree-sitter grammar libraries located in the parsers/ directory. While this involves executing binary code, it is the standard and documented method for adding language support to tree-sitter without requiring a local compiler. The binaries are provided by the vendor and are used exclusively for parsing.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes external source code (Category 8). 1. Ingestion point: CodeCache.scan in scripts/engine.py reads file contents. 2. Boundary markers: No delimiters are used to separate code from instructions in the tool output. 3. Capabilities: get_source and file_symbols in scripts/server.py provide read access across the codebase. 4. Sanitization: Source bytes are decoded with UTF-8 replacement. This risk is inherent to code analysis tools and is considered low.\n- [EXTERNAL_DOWNLOADS]: The documentation and scripts recommend installing well-known libraries tree-sitter and fastmcp from standard package registries.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — tree-sitting