ast-grep
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill and its references provide documentation for using the ast-grep CLI. No malicious patterns, data exfiltration, or unauthorized remote code execution patterns were detected within the provided files.
- [PROMPT_INJECTION]: The skill describes a workflow that ingests user data to perform code searches, which is a potential surface for indirect prompt injection.
- Ingestion points: Natural language queries and code snippets provided by the user (SKILL.md).
- Boundary markers: No specific delimiters or boundary markers are defined to isolate user-provided input from the generated search commands.
- Capability inventory: The skill performs subprocess execution of the
ast-grepCLI, which accesses the local file system for analysis (SKILL.md). - Sanitization: There is no documented validation or sanitization of user-provided search patterns before they are passed to the CLI.
Audit Metadata