rm-sentry-issue-fixer
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted Sentry issue data (exception messages, breadcrumbs), which presents an indirect prompt injection surface.
  - Ingestion points: Untrusted data enters via Sentry MCP tools like `get_issue_details` and `search_issue_events`.
  - Boundary markers: The 'Security Constraints' section includes a 'No embedded instructions' rule to prevent the agent from obeying directives in data.
  - Capability inventory: The skill involves file writes and shell execution (bash, git) to implement fixes.
  - Sanitization: The skill mandates secret/PII redaction and code-consistency validation.
- [COMMAND_EXECUTION]: The skill uses local shell scripts (`detect-default-branch.sh`, `make-branch-names.sh`) and standard git commands for branch management. These operations are scoped to the project's local environment.
- [DATA_EXFILTRATION]: While the skill accesses Sentry events that may contain sensitive data, it explicitly instructs the agent to redact credentials and PII from any output or test artifacts.
Audit Metadata