semgrep-rule-creator

skills-sh:trailofbits_skills__semgrep-rule-creator

View source

0/100

First Seen

Feb 18, 2026

Last Scanned

Feb 18, 2026

Findings

Score

0/100

HIGH 8

LOW 1

Findings (9)

HIGH NLP_CODE_MISMATCH prompt-injection L47

# BAD: Matches any function call
pattern: $FUNC(...)

# GOOD: Specific dangerous function
pattern: eval(...)

HIGH NLP_CODE_MISMATCH prompt-injection L73

# BAD: Only matches exact format
pattern: os.system("rm " + $VAR)

# GOOD: Matches all os.system calls with taint tracking
mode: taint
pattern-sinks:
  - pattern: os.system(...)

HIGH CMDEXEC_003 command-execution L74

os.system(

HIGH CMDEXEC_003 command-execution L79

os.system(

HIGH CMDEXEC_002 command-execution L103

eval($

HIGH NLP_CODE_MISMATCH prompt-injection L117

rules:
  - id: insecure-eval
    languages: [python]
    severity: HIGH
    message: User input passed to eval() allows code execution
    mode: taint
    pattern-sources:
      - pattern: request.arg...

HIGH CMDEXEC_002 command-execution L132

eval(r

HIGH CMDEXEC_002 command-execution L135

eval("

LOW INDIRECT_010 command-execution L4

allowed-tools:
  - Bash