sentry-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes error logs and event metadata that can be influenced by attackers.
- Ingestion points: Data is ingested via Sentry tools such as
SENTRY_LIST_AN_ISSUES_EVENTSandSENTRY_RETRIEVE_AN_ISSUE_EVENTas described in the Investigation workflow. - Boundary markers: The skill does not implement delimiters or specific instructions to the agent to ignore potentially malicious instructions embedded in Sentry events.
- Capability inventory: The agent has permission to perform sensitive actions including
SENTRY_CREATE_PROJECT_RULE_FOR_ALERTS,SENTRY_CREATE_RELEASE_FOR_ORGANIZATION, andSENTRY_UPDATE_A_MONITOR. - Sanitization: There is no evidence of content sanitization or validation of strings retrieved from Sentry before they are used in the agent's context.
- [EXTERNAL_DOWNLOADS]: The skill requires connection to an external MCP server endpoint at
https://rube.app/mcpto provide its core functionality.
Audit Metadata