codeprobe-code-smells
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands, specifically 'Grep' via the 'Bash' tool, to perform project-wide searches for patterns such as unused functions (dead code) and specific string literals.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of processing untrusted data (the project codebase and configuration files).
- Ingestion points: Reads content from the user's project source code and a configuration file named '.codeprobe-config.json' (SKILL.md).
- Boundary markers: The instructions do not define delimiters or specific markers to help the agent distinguish between code content and potential malicious instructions embedded in comments or strings (SKILL.md).
- Capability inventory: The skill has access to 'Bash', 'Grep', 'Read', and 'Glob', allowing it to interact with the file system and execute shell-based search operations (SKILL.md).
- Sanitization: There are no instructions for sanitizing or validating ingested file content before it is processed by the agent or passed to shell tools.
Audit Metadata