sentry
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill's 'Authentication' setup instructions include running
echo "$SENTRY_AUTH_TOKEN" | head -c 10. This command intentionally reveals the prefix of the sensitive authentication token in the terminal output, which may be captured in the agent's session history or system logs. - [EXTERNAL_DOWNLOADS]: The skill utilizes
npx @sentry/clifor many operations, which downloads and executes the Sentry CLI from the public npm registry. This is a well-known package provided by a trusted service provider. - [COMMAND_EXECUTION]: The skill executes various shell commands using
npx,curl, andpython3. These commands are used to query Sentry's API and manage issue states (resolve, mute, list). It also references a local script./scripts/sync-env.shfor environment management. - [PROMPT_INJECTION]: The skill interpolates user input directly into its instructions via the
$ARGUMENTSvariable inSKILL.md. This creates an attack surface for indirect prompt injection as there are no boundary markers or sanitization logic to prevent the input from overriding agent behavior. - Ingestion points: User-provided input via the
$ARGUMENTSvariable inSKILL.md. - Boundary markers: None identified; input is interpolated directly into a task instruction.
- Capability inventory: Subprocess execution (npx, scripts), network operations (curl), and environment variable access.
- Sanitization: No escaping, validation, or sanitization of the
$ARGUMENTScontent is performed.
Audit Metadata