Skills
skills/synkraai/aios-core/coderabbit-review/Gen Agent Trust Hub

coderabbit-review

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the coderabbit-cli package via pip to facilitate automated code reviews.
  • [COMMAND_EXECUTION]: Uses wsl bash -c to execute commands on the host system, targeting a specific hardcoded path for the code review workspace.
  • [DATA_EXFILTRATION]: References a hardcoded local Windows user path (AllFluence-User), exposing local directory structure in the skill configuration.
  • [COMMAND_EXECUTION]: The skill processes output from the coderabbit CLI to perform 'auto-fixes' on local files. This creates an indirect prompt injection surface: 1. Ingestion point: CodeRabbit review findings (SKILL.md); 2. Boundary markers: Absent; 3. Capability inventory: WSL command execution and file modification (SKILL.md); 4. Sanitization: None specified.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 03:39 PM
Security Audit — agent-trust-hub — coderabbit-review