semgrep-rule-variant-creator

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [SAFE]: Extensive review of the skill's instructions and reference files confirms it is a legitimate tool for security automation with no malicious functionality.
  • [COMMAND_EXECUTION]: The skill correctly uses the Bash tool to execute semgrep CLI commands. This is necessary for dumping ASTs, validating rules, and running tests against code snippets. All command execution is focused on the Semgrep workflow.
  • [EXTERNAL_DOWNLOADS]: The skill uses WebFetch to access official documentation from semgrep.dev and the vendor's own security handbook at appsec.guide. These are trusted resources used to guide the rule creation process.
  • [PROMPT_INJECTION]: The skill accepts user-provided Semgrep rules as input, creating an indirect prompt injection surface. The impact is minimized by the skill's specific task focus and lack of broad system capabilities.
      • Ingestion points: User-provided rule YAML content or file path specified in SKILL.md.
      • Boundary markers: The skill does not define clear delimiters for the ingested rule content.
      • Capability inventory: Filesystem Write access and Bash execution (for semgrep) are present in SKILL.md and references/workflow.md.
      • Sanitization: The skill does not explicitly sanitize the contents of the input rule before processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 29, 2026, 01:45 PM