coderabbit-migration-deep-dive
Warn
Audited by Socket on May 20, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS: the overall migration purpose is coherent, but the actual install path is inconsistent with the official CodeRabbit evidence provided. The skill also grants an AI agent the ability to make live kubectl and traffic-shifting changes, which is high-impact operational scope for a guide. No clear credential theft or exfiltration is shown, so this is not confirmed malware, but it carries medium security risk due to install-trust mismatch and autonomous infrastructure actions.
Confidence: 85%
Severity: 57%
Audit Metadata