coderabbit-debug-bundle

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses system logs and configuration files.
    • Evidence: The skill reads ~/.npm/_logs/*.log and .env to extract diagnostic data and environment variables.
    • Context: A redaction step using sed masks environment variable values before they are added to the diagnostic bundle, mitigating the risk of accidental secret exposure.
  • [EXTERNAL_DOWNLOADS]: Performs a network connectivity test to a remote service.
    • Evidence: Uses curl to probe the health status of api.coderabbit.com.
    • Context: The request targets a well-known service domain associated with the skill's primary troubleshooting purpose.
  • [PROMPT_INJECTION]: Vulnerability surface identified for indirect prompt injection via the processing of untrusted local data.
    • Ingestion points: Reads content from local application logs (~/.npm/_logs/*.log) and configuration files (.env).
    • Boundary markers: No delimiters or explicit instructions are provided to the agent to treat the collected content as untrusted data.
    • Capability inventory: The skill has the capability to read files, create directories, execute shell commands, and perform network connectivity tests.
    • Sanitization: Employs regex-based redaction to mask secrets within environment variables, though log contents remain unvalidated.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 01:08 AM
Security Audit — agent-trust-hub — coderabbit-debug-bundle