coderabbit-review
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes local repository scripts (
./scripts/test.sh) and system binaries (swiftlint,git,coderabbit). While these are necessary for the skill's primary purpose of code review and validation, they rely on the integrity of the local environment and repository scripts. - [Indirect Prompt Injection] (LOW): The skill processes external data (CodeRabbit suggestions) which could be influenced by malicious code in a Pull Request.
- Ingestion points: CodeRabbit review comments parsed in Step 3.
- Boundary markers: Absent. The skill instructions do not specify delimiters or warnings for the subagent to ignore instructions embedded within the comments.
- Capability inventory: File system modification (via subagent in Step 4), arbitrary shell execution (Step 2 and 5), and version control operations (Step 6).
- Sanitization: None detected. The agent is instructed to 'parse' and 'evaluate' but not to sanitize or escape the content before passing it to a subagent.
Audit Metadata