codeprobe-code-smells
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to use the
Bashtool for performing complex search and analysis tasks across the project codebase. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted project files and utilizes terminal-based tools. Ingestion points: Project source code is read using
Read,Grep, andGlobtools, and configuration is loaded from.codeprobe-config.json. Boundary markers: There are no instructions to differentiate between the code being analyzed and potential instructions embedded in that code. Capability inventory: The skill usesBash,Read,Grep, andGlob. Sanitization: No input validation or content filtering is implemented for the analyzed files.
Audit Metadata