fix-sentry-issues
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from external error monitoring platforms (Sentry) and logging services (Axiom). This creates a vulnerability surface for indirect prompt injection, where an attacker could influence agent behavior by triggering errors containing malicious instructions in metadata like URLs, parameters, or issue titles.
- Ingestion points: Sentry issue search (
search_issues), event details (get_issue_details), and Axiom log queries (axiom query). - Boundary markers: No delimiters or explicit instructions to ignore embedded content are used when processing log data.
- Capability inventory: The agent has the ability to perform network requests (
fetch), execute commands (axiom,git), and modify the filesystem. - Sanitization: The instructions do not specify any validation or sanitization for the data retrieved from external logs.
- [COMMAND_EXECUTION]: The skill executes shell-like queries via the Axiom CLI or MCP server, incorporating dynamic values from logs (e.g.,
axiom query "['shiori-events'] | where traceId == '<traceId>'" -f json). This pattern requires robust handling of thetraceIdvariable to prevent command injection. - [DATA_EXFILTRATION]: The instructions direct the agent to
fetch()URLs extracted from Sentry events to reproduce production issues. This behavior creates a risk of Server-Side Request Forgery (SSRF), where an attacker could craft malicious log entries that cause the agent to probe internal network services or access sensitive external domains.
Audit Metadata