coderabbit
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation and installation guides (e.g., in `SKILL.md` and `references/cli-usage.md`) provide commands to install the CodeRabbit CLI via `curl -fsSL https://cli.coderabbit.ai/install.sh | sh`. This involves piping a remote script to the shell. The resource originates from the official domain of CodeRabbit, which is a recognized provider of AI developer tools.
- [COMMAND_EXECUTION]: The helper script `scripts/run_coderabbit.py` uses the `subprocess` module to execute `git` and the `coderabbit` CLI. This functionality is essential for the skill's primary purpose of automating code reviews and verifying project states.
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface as it instructs agents to process and implement fixes based on output generated by the external CodeRabbit CLI.
  - Ingestion points: Review findings are captured in `coderabbit-report.txt` and subsequently read by the AI agent.
  - Boundary markers: The skill lacks specific delimiters or instructional guardrails to prevent the agent from obeying potentially malicious instructions embedded in the external report.
  - Capability inventory: The agent is granted capabilities to modify the codebase and execute commands based on the triaged findings.
  - Sanitization: There is no evidence of sanitization or validation of the external output before it is processed by the agent.
Audit Metadata