sentinel-api
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, deceptive behaviors, or unauthorized operations were detected in the skill instructions or bundled scripts.
- [CREDENTIALS_UNSAFE]: The skill implements safe credential handling by reading the key from an environment variable (SENTINEL_API_KEY) and explicitly instructing against hardcoding keys or passing them as command-line arguments.
- [COMMAND_EXECUTION]: The use of local system commands (git, curl) is restricted to the necessary tasks of bundling repository code and interacting with the Sentinel REST API.
- [DATA_EXFILTRATION]: The skill transfers repository source code to the external endpoint sentinel.deepsource.com. This is the primary and disclosed function of the skill, and the transmission occurs via authenticated requests and signed upload URLs.
- [PROMPT_INJECTION]: While the agent processes external data in the form of analysis results and code patches, this indirect prompt injection surface is inherent to the tool's function and is managed by the specific context of security reporting.