error-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill emphasizes security by explicitly prohibiting the inclusion of sensitive data in error reports. It uses environment variables (
process.env.SENTRY_DSN) for configuration rather than hardcoding credentials. - [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill references established, industry-standard libraries (
@sentry/node,@sentry/profiling-node). It does not contain commands for downloading or executing untrusted external scripts. - [Indirect Prompt Injection] (LOW): While the skill defines how to ingest user-related data (like
userIdormetadata) into Sentry spans, it includes a clear instruction to avoid sensitive data exposure. As a documentation-focused skill, the risk of it being used as an injection vector is minimal and consistent with standard development practices. - [Command Execution] (SAFE): The provided
curlcommands are for testing local endpoints (localhost) and do not pose a risk of unauthorized remote command execution.
Audit Metadata