skills/jeremylongshore/claude-code-plugins-plus-skills/coderabbit-performance-tuning/Gen Agent Trust Hub
coderabbit-performance-tuning
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill interacts with external data from the CodeRabbit API, creating a potential surface for indirect prompt injection where malicious content in the response could attempt to influence the agent.
  - Ingestion points: Untrusted data enters the agent context via API responses in the fetcher and batchGet functions in SKILL.md.
  - Boundary markers: The provided code snippets do not include explicit delimiters or instructions to ignore embedded commands within the fetched data.
  - Capability inventory: The skill is granted Read, Write, and Edit permissions, which could be misused if an injection were successful.
  - Sanitization: No explicit sanitization or validation of the API data is demonstrated in the implementation examples.
Audit Metadata