coderabbit
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download the CodeRabbit CLI installer from the official domain cli.coderabbit.ai and references official documentation and changelogs.
- [COMMAND_EXECUTION]: The run_coderabbit.py script and the instructional markdown files utilize subprocess calls and shell commands to interact with git and the coderabbit CLI tool for repository analysis and authentication status checks. The use of list-based arguments in Python's subprocess module mitigates shell injection risks.
- [REMOTE_CODE_EXECUTION]: Installation instructions recommend piping a remote shell script from https://cli.coderabbit.ai/install.sh directly to the shell. This is the official installation method for the well-known CodeRabbit service and is documented neutrally as a prerequisite for the skill's functionality.
Audit Metadata