contributing-md
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches a standard template from Sentry's official developer documentation domain (develop.sentry.dev). This is a known vendor source used to maintain compliance with Sentry SDK standards.
- [PROMPT_INJECTION]: The skill processes untrusted content from the local repository, creating a surface for indirect prompt injection.
  - Ingestion points: The skill reads repository configuration and documentation files, including .github/workflows/*.yml, Makefile, Taskfile.yml, tox.ini, and README.md (SKILL.md).
  - Boundary markers: No delimiters or instructions are provided to the agent to treat external file content as untrusted data or to ignore embedded instructions.
  - Capability inventory: The skill has the capability to read project files and write to the CONTRIBUTING.md file.
  - Sanitization: There are no verification or sanitization steps defined for the content extracted from repository files before it is used in document generation.
Audit Metadata