skills/security-phoenix-demo/security-skills-claude-code/opengrep-rule-generator/Gen Agent Trust Hub
opengrep-rule-generator
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill is configured to use WebSearch and WebFetch tools to retrieve vulnerability research, descriptions, and existing detection rules from well-known and authoritative services. Evidence in SKILL.md (Vulnerability Research Plan) shows the skill targets MITRE CWE (cwe.mitre.org), OWASP (owasp.org), and official community repositories on GitHub.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external sources to generate functional code and YAML rules.
  - Ingestion points: External vulnerability data is fetched via web tools as specified in the 'Vulnerability Research Plan' in SKILL.md.
  - Boundary markers: The instructions do not define delimiters or specific 'ignore embedded instructions' warnings for the fetched content.
  - Capability inventory: The skill generates complex YAML rule files and source code test files (Python, Java, Go, etc.) as described in SKILL.md and README.md.
  - Sanitization: There is no explicit logic described for escaping or validating the content retrieved from external research before it is interpolated into the rule generation templates.
Audit Metadata