coderabbit-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an automated code review pipeline that processes untrusted data from Pull Request diffs, descriptions, and comments. This creates an attack surface for indirect prompt injection where an external contributor could embed instructions in a PR to influence or bypass the automated review logic.
- Ingestion points: Pull Request source code diffs and PR comments (handled via GitHub integration).
- Boundary markers: Absent. The configuration does not define explicit delimiters or instructions for the agent to ignore embedded commands in the code it reviews.
- Capability inventory: The skill enables the agent to use `Write` and `Edit` tools to modify repository configuration (`.coderabbit.yaml`) and use `Bash(gh:*)` for interacting with the GitHub API.
- Sanitization: None. The workflow assumes the content of the PR is data to be analyzed but does not specify validation or sanitization of that content before processing.