coderabbit

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill requires downloading a shell script from "https://cli.coderabbit.ai/install.sh" and piping it directly to the system shell ("sh"). This allows for arbitrary code execution on the user's machine if the remote script or the transmission is compromised.
  • [COMMAND_EXECUTION]: The skill automates the execution of the "coderabbit" CLI tool, which has broad access to the local git repository and source code files to perform analysis and apply fixes.
  • [DATA_EXFILTRATION]: The skill transmits local source code, including uncommitted changes, to external servers at "coderabbit.ai" for AI analysis. While this is the intended purpose, it involves sending potentially sensitive intellectual property to a third-party service.
  • [EXTERNAL_DOWNLOADS]: The skill relies on fetching an external installation script from a domain not explicitly whitelisted as a trusted source in the provided configuration.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it processes code changes and configuration files that could contain malicious instructions designed to influence the agent's behavior.
    • Ingestion points: Reads local source code, ".coderabbit.yaml", ".cursorrules", and "claude.md".
    • Boundary markers: Absent. No delimiters or warnings to ignore instructions embedded in data are used.
    • Capability inventory: Subprocess execution via the "coderabbit" CLI and file modification capabilities.
    • Sanitization: Absent. No documented sanitization or validation of external content before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.coderabbit.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 25, 2026, 04:46 PM