sentry-flutter-sdk

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard shell commands (cat, grep, ls, find) to inspect the project environment and detect existing dependencies. This is a routine part of a setup wizard's detection phase and does not involve executing untrusted input.
  • [EXTERNAL_DOWNLOADS]: The skill references official Sentry resources, including the Sentry Wizard CLI via Homebrew (getsentry/tools/sentry-wizard) and official packages from the Flutter/Dart registry (pub.dev). These downloads are from trusted vendor sources and are necessary for the skill's primary purpose.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill uses placeholders like 'YOUR_AUTH_TOKEN' and 'YOUR_SENTRY_DSN'. Furthermore, it explicitly advises users to use environment variables for authentication tokens rather than hardcoding them in configuration files like pubspec.yaml.
  • [DATA_EXFILTRATION]: While the skill configures data collection (error reporting, tracing, session replays), it does so within the context of the Sentry service. It includes clear documentation and code examples for privacy features, such as widget-level masking in session replays to prevent sensitive data exposure.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a low attack surface for indirect injection. It reads project configuration files (pubspec.yaml) but only uses grep to find specific strings, which does not involve interpreting arbitrary content as instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 12:46 AM