sentry-automation

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to add an external MCP server from https://rube.app/mcp. This domain is not recognized as a trusted organization or well-known service according to the security guidelines.
  • [PROMPT_INJECTION]: The skill is subject to Indirect Prompt Injection (Category 8) due to its data processing model.
      • Ingestion points: The skill reads potentially untrusted data from Sentry, including issue descriptions, event details, and stack traces via tools such as SENTRY_LIST_AN_ISSUES_EVENTS and SENTRY_RETRIEVE_AN_ISSUE_EVENT (referenced in SKILL.md).
      • Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions that might be embedded within error logs or issue content.
      • Capability inventory: The skill possesses the ability to modify external state through tools like SENTRY_CREATE_PROJECT_RULE_FOR_ALERTS, SENTRY_CREATE_RELEASE_FOR_ORGANIZATION, and SENTRY_UPDATE_A_MONITOR (referenced in SKILL.md).
      • Sanitization: No sanitization or validation logic is specified for the data retrieved from the Sentry API before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 13, 2026, 07:00 AM