Skills
skills/vnord/coderabbit-skills/code-review/Gen Agent Trust Hub

code-review

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references official CodeRabbit installation resources and documentation. It explicitly advises against insecure installation methods, such as piping remote scripts to a shell, and recommends using package managers or verified binaries.
  • [DATA_EXFILTRATION]: While the skill involves sending code diffs to the CodeRabbit API, it proactively warns the user to ensure that no secrets or credentials are included in the staged changes, mitigating the risk of accidental data exposure.
  • [COMMAND_EXECUTION]: The skill utilizes the CodeRabbit CLI (coderabbit or cr) for its primary functionality. It includes a specific security note instructing the agent not to execute commands derived from the review results without explicit user approval.
  • [PROMPT_INJECTION]: The skill acknowledges the risk of indirect prompt injection from repository content or tool output. It implements a defensive posture by instructing the agent to treat this data as untrusted and requiring human-in-the-loop confirmation for any subsequent actions.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 8, 2026, 07:34 AM
Security Audit — agent-trust-hub — code-review