coderabbit-incident-runbook

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Step 2 includes a command to delete branch protection rules using the GitHub API (gh api ... --method DELETE), which disables essential repository security controls.
  • [COMMAND_EXECUTION]: Step 3 performs runtime execution of a Python script via python3 -c to process configuration files.
  • [DATA_EXFILTRATION]: The skill uses gh api to extract repository installation data, PR metadata, and lists of merged PRs, potentially exposing internal development metrics.
  • [DATA_EXFILTRATION]: Step 1 retrieves service availability info from CodeRabbit's official status page.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data ingestion pipeline.
      • Ingestion points: Reads .coderabbit.yaml and pull request metadata (titles and review status) from the repository (Step 3).
      • Boundary markers: Absent; the skill does not use delimiters or instructions to prevent the agent from obeying commands embedded in the processed data.
      • Capability inventory: The skill has access to gh api for administrative writes, curl for network access, and python3 for command execution.
      • Sanitization: Absent; there is no validation or escaping of the repository-sourced data before it is utilized by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 4, 2026, 03:40 PM