coderabbit

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). The schema JSON appears to be a benign config file, but the installer is a direct .sh download (and the prompt even pipes it to sh), which is a high-risk distribution pattern because running an unreviewed shell script from an external domain can execute arbitrary code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's docs and workflow explicitly require the agent to read and act on untrusted, user-generated sources — e.g., GitHub PR comments/descriptions and repository files (references/github-commands.md, SKILL.md) and optional web search results via knowledge_base.web_search (references/configuration.md) — and those inputs are used to trigger reviews and automatic fixes, so third-party content can influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs users to run a remote install script that is fetched and executed at runtime via "curl -fsSL https://cli.coderabbit.ai/install.sh | sh", which downloads and executes remote code and is presented as a required dependency for the CLI-based workflows.