coderabbit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and parses user-generated content from GitHub PRs (see SKILL.md "Fetch CodeRabbit Comments" with gh api calls to repos/{owner}/{repo}/issues/{pr_number}/comments, pulls/{pr_number}/reviews, and pulls/{pr_number}/comments), and it reads and acts on those comments to generate findings, triage decisions, and fix plans, so untrusted third-party content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's local-review prerequisite tells users to install the CLI via a runtime command that fetches and executes remote code ("curl -fsSL https://cli.coderabbit.ai/install.sh | sh"), which is a required dependency for the local review path.