reviewing-with-coderabbit
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk
- Ingestion points: The agent ingests the contents of local source code files and the text output generated by the
coderabbitCLI tool during the review process. - Boundary markers: There are no explicit instructions to use delimiters or ignore instructions embedded within the code being analyzed, which could allow malicious comments in the code to influence the agent's fix-generation logic.
- Capability inventory: The skill empowers the agent to execute shell commands (
coderabbit review) and perform automated file writes to "fix" identified issues across up to 5 iterations. - Sanitization: The instructions do not define any sanitization or validation steps for the code or tool output before they are used to drive the automated modification loop.
- [COMMAND_EXECUTION]: Local CLI Interaction
- The skill executes the
coderabbitcommand-line interface to check installation status, authentication, and perform code reviews. This is the intended primary purpose of the skill. - [EXTERNAL_DOWNLOADS]: Reference to External CLI Installation
- The skill instructs the agent to provide the user with a command to download and install the CodeRabbit CLI from
https://cli.coderabbit.ai/install.sh. This targets the official domain of a well-known technology service.
Audit Metadata