Skills
skills/mgd34msu/goodvibes-gemini/code-smell-detector/Gen Agent Trust Hub

code-smell-detector

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses various shell commands including grep, awk, and find to analyze file contents and structure.
  • [EXTERNAL_DOWNLOADS]: The skill leverages npx to download and run third-party auditing tools like escomplex, jscpd, ts-prune, and depcheck from the npm registry.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted source code as data.
  • Ingestion points: The skill reads source code from projects to identify code smells and calculate metrics.
  • Boundary markers: None; the skill does not use delimiters to distinguish between the code being analyzed and instructions to the agent.
  • Capability inventory: The skill has extensive command execution capabilities and access to external package managers.
  • Sanitization: No sanitization or validation is performed on the content of analyzed files before it enters the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 07:52 AM