code-review
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
coderabbitCLI to perform code reviews and check authentication status. These operations are limited to the tool's core functionality. - [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the
coderabbitCLI from its official vendor website or via trusted package managers such as npm and Homebrew if it is not already present on the system. - [DATA_EXFILTRATION]: The skill documents that code diffs are transmitted to the CodeRabbit API for analysis. It proactively warns users to ensure staged changes do not contain secrets or credentials before starting the review process.
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to treat repository content and review outputs as untrusted data, providing mitigation against indirect prompt injection by advising against executing commands from these sources without explicit user approval.
Audit Metadata