fix-sentry
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from Sentry reports and Logfire logs, creating a potential surface for indirect prompt injection.
- Ingestion points: Sentry issue IDs, error messages, stack traces, and Logfire log entries (SKILL.md).
- Boundary markers: None identified. The agent is not instructed to ignore instructions embedded in the external data.
- Capability inventory: Access to Git and GitHub CLI, plus execution of local codebase scripts (SKILL.md).
- Sanitization: No sanitization steps are defined for the data retrieved from external platforms.
- [COMMAND_EXECUTION]: The skill executes a local shell script to manage the development environment.
- Evidence: Executes
./dev/create-worktree <branch-name>in SKILL.md. The risk is mitigated by explicit instructions to the agent to use a restricted character set for the branch name (lowercase, digits, underscores).
Audit Metadata