The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server endpoint (https://rube.app/mcp). This server acts as a remote provider for the Sentry automation tools, meaning the execution of these tools is delegated to an external infrastructure not controlled by the user or the primary platform.
[DATA_EXFILTRATION]: By using the rube.app MCP server to manage Sentry, sensitive organizational data—including issue details, stack traces (which may contain environment variables or customer data), and member lists—is processed by this third-party service. The skill documentation claims 'No API keys needed', suggesting the third-party service manages authentication and access tokens on behalf of the user, which centralizes sensitive access credentials on their platform.
[PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It is designed to ingest and process data from Sentry events and issues, which can include attacker-controlled content such as HTTP request payloads, headers, or log messages.
Ingestion points: Sentry event details and stack traces via tools like SENTRY_LIST_AN_ISSUES_EVENTS and SENTRY_RETRIEVE_AN_ISSUE_EVENT (SKILL.md).
Boundary markers: None identified. The skill does not provide instructions to the agent to treat external data as untrusted or to ignore embedded instructions within logs.
Capability inventory: The skill possesses significant write/modify capabilities, including SENTRY_CREATE_PROJECT_RULE_FOR_ALERTS (alert configuration), SENTRY_UPDATE_A_MONITOR (cron job configuration), and SENTRY_CREATE_RELEASE_FOR_ORGANIZATION (release management).
Sanitization: None. The skill relies on raw data retrieval and lacks explicit sanitization or validation steps before the agent processes the retrieved content.

sentry-automation