coderabbit
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches an installation script from the official CodeRabbit domain (https://cli.coderabbit.ai/install.sh).
- [REMOTE_CODE_EXECUTION]: Executes an installation script from CodeRabbit's official domain by piping its content directly into a shell environment (curl | sh).
- [COMMAND_EXECUTION]: Invokes local shell commands including 'git' and the 'coderabbit' CLI to perform branch analysis, authentication checks, and review triage.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface where the agent processes external data from the 'coderabbit' CLI and local codebase files. 1. Ingestion points: CLI review output and local project files (SKILL.md). 2. Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when processing external content. 3. Capability inventory: The skill performs shell command execution for git and tool-specific tasks (SKILL.md). 4. Sanitization: No evidence of data validation or sanitization is present for ingested external content.
Recommendations
- HIGH: Downloads and executes remote code from: https://cli.coderabbit.ai/install.sh - DO NOT USE without thorough review
Audit Metadata