coderabbit-workflow
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several vendor-provided TypeScript scripts using `node` (e.g., `export-comments.ts`, `reply-to-threads.ts`, `run-local-review.ts`). These are part of the 'bitsoex' vendor package.
- [PROMPT_INJECTION]: Detected a vulnerability surface for indirect prompt injection via external CodeRabbit PR data.
  - Ingestion points: External PR comments are retrieved by the agent using the `scripts/export-comments.ts` script.
  - Boundary markers: The instructions do not define boundary markers or provide explicit warnings to the agent to disregard instructions that might be embedded within the CodeRabbit comments.
  - Capability inventory: The agent has the ability to write to the local filesystem ("Apply fixes"), create Git commits, and push changes to remote repositories.
  - Sanitization: There is no evidence of sanitization or validation of the ingested comment content before it is used by the agent to guide code modifications.
Audit Metadata