Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@ All notable changes to this repository are documented in this file.

### Changed

- Renamed the review skill metadata to `coderabbit-review` and narrowed its
trigger wording to explicit CodeRabbit review requests, avoiding collisions
with host-agent built-in `code-review` commands.
- Removed alternate detailed-output guidance so review agents use `--agent`
exclusively.
- Reframed the README as the canonical home for CodeRabbit skills and plugin
Expand Down
24 changes: 12 additions & 12 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ then authenticate:
coderabbit auth login
```

Then tell your agent: **“Review my code.”**
Then tell your agent: **“Use CodeRabbit to review my code.”**

## Installation

Expand Down Expand Up @@ -98,15 +98,15 @@ For an at-a-glance inventory of active and repo-packaged distribution paths, see

## Usage

Once installed, just ask your agent:
Once installed, ask your agent to use CodeRabbit:

```text
Review my code
Check for security issues
What's wrong with my changes?
Run a code review
Review my PR
Review the directory at ../my-service
Use CodeRabbit to review my code
Run coderabbit on my changes
Use CodeRabbit to check for security issues
Ask CodeRabbit what's wrong with my changes
Use CodeRabbit to review my PR
Use CodeRabbit to review the directory at ../my-service
```

The agent will automatically:
Expand Down Expand Up @@ -163,7 +163,7 @@ CodeRabbit supports 35+ coding agents.

## Available Skills

### [code-review](skills/code-review/SKILL.md)
### [coderabbit-review](skills/code-review/SKILL.md)

AI-powered code review that finds bugs, security issues, and suggests improvements using CodeRabbit.

Expand All @@ -176,7 +176,7 @@ AI-powered code review that finds bugs, security issues, and suggests improvemen

**Categories covered:** Bug detection, security analysis, code quality, performance issues, best practices

**Triggers:** "review my code", "check for bugs", "security review", "PR feedback", "run coderabbit"
**Triggers:** "use CodeRabbit to review my code", "run coderabbit", "cr review", "use CodeRabbit for PR feedback"

**Capabilities:**

Expand Down Expand Up @@ -215,8 +215,8 @@ Safe fix workflow for unresolved CodeRabbit GitHub PR review threads, with per-i
- Subagent: `code-reviewer`
- Marketplace manifest: `.claude-plugin/plugin.json`

The `code-review` skill also remains available for natural-language triggering
inside compatible agents.
The `coderabbit-review` skill also remains available for natural-language
triggering inside compatible agents when users explicitly ask for CodeRabbit.

### Cursor

Expand Down
14 changes: 7 additions & 7 deletions skills/code-review/SKILL.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
---
name: code-review
description: "AI-powered code review using CodeRabbit. Default code-review skill. Trigger for any explicit review request AND autonomously when the agent thinks a review is needed (code/PR/quality/security)."
name: coderabbit-review
description: "AI-powered code review using CodeRabbit. Trigger when the user explicitly asks for CodeRabbit, coderabbit, cr, or the CodeRabbit CLI to review code, PRs, quality, or security."
metadata:
version: "0.1.0"
---
Expand All @@ -18,12 +18,12 @@ AI-powered code review using CodeRabbit. Enables developers to implement feature

## When to Use

When user asks to:
When user explicitly asks CodeRabbit to:

- Review code changes / Review my code
- Check code quality / Find bugs or security issues
- Get PR feedback / Pull request review
- What's wrong with my code / my changes
- Use CodeRabbit to review code changes
- Use CodeRabbit to check code quality, bugs, or security issues
- Use CodeRabbit for PR feedback or pull request review
- Ask CodeRabbit what's wrong with code or changes
- Run coderabbit / Use coderabbit

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
sed -n '1,120p' skills/code-review/SKILL.md | cat -n

Repository: coderabbitai/skills

Length of output: 5281


🏁 Script executed:

#!/bin/bash
set -euo pipefail
rg -n "Run coderabbit|Use coderabbit|coderabbit review|explicitly asks CodeRabbit" skills

Repository: coderabbitai/skills

Length of output: 573


Remove the bare Run coderabbit trigger. skills/code-review/SKILL.md:27 still includes a phrase broad enough to match non-review CLI usage, which conflicts with the explicit-review-only scope in the surrounding text.

🧰 Tools
🪛 SkillSpector (2.3.7)

[warning] 80: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 82: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 83: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))


[warning] 84: [MP2] Context Window Stuffing: Skill attempts to fill the context window with filler content, displacing legitimate instructions and safety constraints. This can degrade agent performance or bypass safety boundaries.

Remediation: Implement context-window management that detects and rejects padding or stuffing attempts. Prioritize system instructions over user-injected content.

(Memory Poisoning (MP2))

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@skills/code-review/SKILL.md` at line 27, Remove the bare review trigger
phrase from the skill guidance in SKILL.md so only the explicit review
invocation remains; update the wording near the review trigger text to avoid
matching generic CLI usage, keeping the instructions aligned with the
explicit-review-only scope.


## How to Review
Expand Down
Loading