code-smell-detector
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs 'radon' and 'pylint' using the pip package manager. Both are well-known tools for software metrics and static analysis, and their inclusion is considered safe.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because the agent is instructed to read and analyze untrusted source code from the project directory.
  1. Ingestion points: Source code is ingested via file reading in 'scripts/detect_smells.py' and through manual review instructions in 'SKILL.md'.
  2. Boundary markers: The skill does not implement delimiters or provide specific instructions for the agent to ignore natural language instructions that might be embedded in the code comments of analyzed files.
  3. Capability inventory: The agent has the capability to execute shell commands and run Python scripts in the local environment.
  4. Sanitization: No sanitization or filtering is performed on the ingested code content before it is processed by the agent.