Skills
skills/coderabbitai/skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the coderabbit (or cr) command-line interface to perform code reviews and check authentication status. These are official tools provided by the vendor coderabbitai.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted repository content during the review process.
  • Ingestion points: Code changes in the repository analyzed by the coderabbit review command.
  • Boundary markers: The skill includes a clear security note instructing the agent to treat repository content and review output as untrusted and not to run commands from them.
  • Capability inventory: The agent has the ability to execute CLI commands and modify files based on the findings.
  • Sanitization: No automated sanitization of the analyzed code is performed, relying instead on the provided instructional guardrails.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 6, 2026, 11:56 PM