pp-sentry

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the sentry-pp-cli utility using npx (from the @mvanhorn/printing-press package) and go install (from the github.com/mvanhorn/printing-press-library repository). These resources are identified as vendor-owned infrastructure.
  • [COMMAND_EXECUTION]: Executes the sentry-pp-cli binary to perform Sentry management tasks, such as triaging issues, listing projects, and retrieving organization details.
  • [DATA_EXFILTRATION]: Includes a documented --deliver webhook:<url> flag that allows forwarding command output to an arbitrary external URL.
  • [DATA_EXFILTRATION]: Supports an optional feedback mechanism that can transmit locally stored notes to a remote endpoint if the SENTRY_FEEDBACK_ENDPOINT environment variable is configured.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external data from Sentry APIs and possesses capabilities to write to files or perform network operations.
      • Ingestion points: External data from Sentry organizations, projects, and issues ingested via sentry-pp-cli commands in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions to ignore embedded content are defined for the ingested data.
      • Capability inventory: File system writes (--deliver file:<path>) and network requests (--deliver webhook:<url>) are available as described in SKILL.md.
      • Sanitization: No validation or sanitization of the external API responses is mentioned.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 23, 2026, 04:10 AM