sentry-monitoring

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external Sentry reports which could be manipulated by third parties.
      • Ingestion points: Sentry issue lists and details fetched via API in SKILL.md.
      • Boundary markers: Absent; no specific instructions to treat Sentry data as untrusted or separate from the prompt.
      • Capability inventory: The agent has access to the Bash tool (SKILL.md) and file system read tools.
      • Sanitization: No evidence of output sanitization or filtering for the data retrieved from the Sentry API.
  • [DATA_EXFILTRATION]: The skill performs network operations to sentry.io and manages authentication tokens.
      • Network operations: Uses curl and WebFetch to interact with sentry.io for error tracking and performance monitoring, which is a well-known service.
      • Security posture: Follows security best practices by avoiding hardcoded credentials and instructing the use of environment variables for SENTRY_AUTH_TOKEN.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute curl commands for API interaction.
      • Evidence: SKILL.md provides bash examples for listing issues, resolving issues, and creating releases.
      • Mitigation: Destructive operations like resolving issues or creating releases are documented as requiring explicit user confirmation.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 05:10 PM