tree-sitting
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill's behavior is consistent with its stated purpose of providing AST-based code exploration and navigation.\n- [COMMAND_EXECUTION]: The skill uses
ctypes.CDLLinscripts/engine.pyto load pre-compiled tree-sitter grammar libraries located in theparsers/directory. While this involves executing binary code, it is the standard and documented method for adding language support to tree-sitter without requiring a local compiler. The binaries are provided by the vendor and are used exclusively for parsing.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads and processes external source code (Category 8). 1. Ingestion point:CodeCache.scaninscripts/engine.pyreads file contents. 2. Boundary markers: No delimiters are used to separate code from instructions in the tool output. 3. Capabilities:get_sourceandfile_symbolsinscripts/server.pyprovide read access across the codebase. 4. Sanitization: Source bytes are decoded with UTF-8 replacement. This risk is inherent to code analysis tools and is considered low.\n- [EXTERNAL_DOWNLOADS]: The documentation and scripts recommend installing well-known librariestree-sitterandfastmcpfrom standard package registries.
Audit Metadata