Skills
skills/composiohq/awesome-codex-skills/sentry-triage/Gen Agent Trust Hub

sentry-triage

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download an installation script from the vendor's domain at https://composio.dev/install. This is a standard setup procedure for the vendor's tooling.
  • [REMOTE_CODE_EXECUTION]: Uses a piped-to-shell pattern (curl | bash) to execute the vendor's installation script. It also leverages composio run to execute arbitrary JavaScript/TypeScript code fragments and scripts for processing Sentry event data.
  • [COMMAND_EXECUTION]: Utilizes the composio CLI for executing tools and git show for inspecting local commits to identify regressions and potential fixes.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the Sentry API, including issue titles, culprit strings, and stack trace frames.
  • Ingestion points: Sentry API via SENTRY_GET_AN_ISSUE and SENTRY_LIST_AN_ISSUES_EVENTS (SKILL.md).
  • Boundary markers: None present; external data is processed directly as objects in the diagnostic script.
  • Capability inventory: File reading (git show, stack trace mapping), shell execution (composio), and dynamic code execution (composio run).
  • Sanitization: No specific sanitization or validation of the Sentry event data is described before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 24, 2026, 07:30 PM