skills/jeremylongshore/claude-code-plugins-plus-skills/coderabbit-migration-deep-dive/Gen Agent Trust Hub
coderabbit-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official
@coderabbit/sdkpackage from the npm registry to enable connectivity with the CodeRabbit service. - [COMMAND_EXECUTION]: The skill uses bash commands to identify integration points in local source code and to manage application deployments via Kubernetes.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and processes content from the local filesystem during the assessment phase.
- Ingestion points: Local project files searched using
findandgrepcommands (SKILL.md). - Boundary markers: No delimiters or specific instructions to ignore embedded commands within the searched files are provided.
- Capability inventory: The skill has access to file modification tools and shell command execution including package management and cluster orchestration (SKILL.md).
- Sanitization: Content from project files is processed directly without sanitization or validation logic.
Audit Metadata