sentry-automation
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires connecting to an external MCP server at
https://rube.app/mcp. This domain is not recognized as a Trusted External Source, posing a risk of supply chain compromise or unauthorized data access by the service provider.\n- [DATA_EXFILTRATION] (LOW): Sensitive data including organization details, project issues, and stack traces are processed through therube.appendpoint. While this is the intended functionality, the destination is not on the trusted whitelist for network operations.\n- [PROMPT_INJECTION] (LOW): Vulnerability to Indirect Prompt Injection (Category 8).\n - Ingestion points:
SENTRY_RETRIEVE_AN_ISSUE_EVENT(stack traces) andSENTRY_LIST_AN_ORGANIZATIONS_ISSUES(issue content) read data from external sources.\n - Boundary markers: Absent. No delimiters or instructions are provided to the agent to treat external Sentry data as untrusted or separate from system instructions.\n
- Capability inventory: The skill possesses high-privilege capabilities, such as
SENTRY_CREATE_PROJECT_RULE_FOR_ALERTS,SENTRY_UPDATE_A_MONITOR, andSENTRY_CREATE_RELEASE_FOR_ORGANIZATION.\n - Sanitization: No evidence of sanitization or validation of the retrieved content is present, allowing potential malicious strings in error logs to influence agent behavior.
Audit Metadata