coderabbit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documents an installation procedure for the CodeRabbit CLI using a remote script: curl -fsSL https://cli.coderabbit.ai/install.sh | sh. The script is hosted on the official domain for the well-known CodeRabbit service.
- [COMMAND_EXECUTION]: User-provided flags and parameters from the $ARGUMENTS variable are parsed and incorporated into shell commands for the coderabbit CLI, which involves dynamic command assembly.
- [PROMPT_INJECTION]: The skill processes untrusted findings from external GitHub PR comments and reviews, which creates a surface for indirect instructions to influence the agent's file analysis and code generation. . Ingestion points: Data fetched via gh api from issues, reviews, and comments in SKILL.md. . Boundary markers: None identified in the workflow logic. . Capability inventory: File reading, repository configuration analysis, and code fix generation. . Sanitization: No explicit sanitization of comment bodies; however, the triage process in references/triage.md requires human verification for findings on critical paths.
Audit Metadata