pp-sentry
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the `sentry-pp-cli` utility using `npx` (from the `@mvanhorn/printing-press` package) and `go install` (from the `github.com/mvanhorn/printing-press-library` repository). These resources are identified as vendor-owned infrastructure.
- [COMMAND_EXECUTION]: Executes the `sentry-pp-cli` binary to perform Sentry management tasks, such as triaging issues, listing projects, and retrieving organization details.
- [DATA_EXFILTRATION]: Includes a documented `--deliver webhook:<url>` flag that allows forwarding command output to an arbitrary external URL.
- [DATA_EXFILTRATION]: Supports an optional feedback mechanism that can transmit locally stored notes to a remote endpoint if the `SENTRY_FEEDBACK_ENDPOINT` environment variable is configured.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from Sentry APIs and possesses capabilities to write to files or perform network operations.
  - Ingestion points: External data from Sentry organizations, projects, and issues ingested via `sentry-pp-cli` commands in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined for the ingested data.
  - Capability inventory: File system writes (`--deliver file:<path>`) and network requests (`--deliver webhook:<url>`) are available as described in `SKILL.md`.
  - Sanitization: No validation or sanitization of the external API responses is mentioned.
Audit Metadata