skills/polarsource/polar/fix-sentry/Gen Agent Trust Hub

fix-sentry

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from Sentry reports and Logfire logs, creating a potential surface for indirect prompt injection.
  • Ingestion points: Sentry issue IDs, error messages, stack traces, and Logfire log entries (SKILL.md).
  • Boundary markers: None identified. The agent is not instructed to ignore instructions embedded in the external data.
  • Capability inventory: Access to Git and GitHub CLI, plus execution of local codebase scripts (SKILL.md).
  • Sanitization: No sanitization steps are defined for the data retrieved from external platforms.
  • [COMMAND_EXECUTION]: The skill executes a local shell script to manage the development environment.
  • Evidence: Executes ./dev/create-worktree <branch-name> in SKILL.md. The risk is mitigated by explicit instructions to the agent to use a restricted character set for the branch name (lowercase, digits, underscores).
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 07:28 PM
Security Audit — agent-trust-hub — fix-sentry