coderabbit

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The setup instructions in SKILL.md contain the pattern curl -fsSL https://cli.coderabbit.ai/install.sh | sh. This allows arbitrary remote code to be executed directly in the shell without verification. The source domain coderabbit.ai is not a trusted source according to the [TRUST-SCOPE-RULE].
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill performs an untrusted download and execution of an installation script. Without integrity checks like checksums, this represents a significant supply chain risk.
  • [COMMAND_EXECUTION] (MEDIUM): The skill frequently executes shell commands, manages background processes, and sources user profile files (~/.zshrc, ~/.bashrc), which increases the attack surface.
  • [PROMPT_INJECTION] (HIGH): As an Indirect Prompt Injection risk (Category 8), the skill processes untrusted code changes from external sources. Given its capability to execute commands and write to files, malicious instructions embedded in the code being reviewed could potentially hijack the agent's workflow.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://cli.coderabbit.ai/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 12:03 AM