There are some fairly powerful tools like SIMBL or Airfoil/Instant Hijack which use code injection.
As far as I understand it, these tools inject their own code into other programs. This idea sounds dangerous to me, as it seems to have the potential to make perfectly stable software fragile and "buggy". Also, this seems to pose security risks.

Should these tools be avoided for stability or security reasons?

+1  A: 

I believe it does not just refer to that kind of code injection for hacking or cracking a system.

It is also a technique often used in the Java world, with tools like AOP or iPOJO.

When they make sense, they complement the current code, allowing them:

  • to function within a given framework (OSGi Declarative Services for iPOJO)
  • to add functionalities (logging services for AOP)

As long as the initial code can run without that code injection, stability is less of an issue.

Stability and security - in the case of those two benevolent usages of code injection - of the injected code should be evaluated in a separate test code.

VonC
+2  A: 

It depends on what you're using it for and the quality of the code that is being injected. It's possible to have perfectly stable injected code. In fact, when I used to develop third-party anti-cheat software for games, code injection was a big part of it, and I was often able to make the games more stable by eliminating bugs and exploits that the original game developers, who no longer supported the game, never fixed.

On the other hand, I would probably be skeptical of injecting third-party code into enterprise security, auditing or accounting software.

Gerald