coderabbit-prod-checklist

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh api command to modify repository branch protection rules in Step 5. Specifically, it updates the main branch to require coderabbitai status checks and mandatory reviews. While this is the intended purpose for 'production readiness,' it is a high-privilege operation that modifies repository security configurations.
  • [COMMAND_EXECUTION]: Shell scripts in Step 3 and Step 5 use variable interpolation for $OWNER and $REPO within gh api calls. Without proper sanitization or escaping, this could be vulnerable to command injection if the repository or organization names are controlled by an attacker or contain malicious shell metacharacters.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its data processing workflows:
      ◦ Ingestion points: Reads the content of .coderabbit.yaml in Step 2 and fetches pull request/review metadata from the GitHub API in Step 3 (relative file paths: SKILL.md).
      ◦ Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present when processing these external inputs.
      ◦ Capability inventory: The skill has access to shell execution via Bash(gh:*), Bash(git:*), and Grep, as well as file reading capabilities.
      ◦ Sanitization: While Step 2 uses yaml.safe_load() to mitigate standard YAML deserialization attacks, the shell variables interpolated in Step 3 and Step 5 lack sanitization.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 4, 2026, 03:46 PM