CodeRabbit CLI

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.90). These links include a direct install.sh served from an unrecognized domain and an explicit "curl ... | sh" install instruction (a high-risk distribution vector); the other two are documentation pages on the same unverified domain and do not mitigate the risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The installation instruction runs a remote script via "curl -fsSL https://cli.coderabbit.ai/install.sh | sh", which fetches and immediately executes remote code (a required install step), creating a high-risk external dependency.