sentry-automation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires adding an unverified third-party MCP server (https://rube.app/mcp). This introduces supply-chain risk as the service is not from a known trusted source and handles Sentry API interactions.
  • [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data ingestion patterns and high-privilege capabilities.
      • Ingestion points: Untrusted data enters the agent context through tools like 'SENTRY_LIST_AN_ORGANIZATIONS_ISSUES' and 'SENTRY_RETRIEVE_AN_ISSUE_EVENT' which fetch external issue descriptions, tags, and stack traces.
      • Boundary markers: Absent. The skill provides no instructions for the agent to delimit or ignore instructions embedded within the Sentry data.
      • Capability inventory: The skill has extensive write capabilities, including creating alert rules ('SENTRY_CREATE_PROJECT_RULE_FOR_ALERTS'), managing releases ('SENTRY_CREATE_RELEASE_FOR_ORGANIZATION'), and updating monitors ('SENTRY_UPDATE_A_MONITOR').
      • Sanitization: Absent. There is no requirement for the agent to validate or escape data retrieved from Sentry before using it to inform subsequent actions.
  • [COMMAND_EXECUTION] (LOW): The skill defines a large number of tool-based operations for managing cloud infrastructure (Sentry). While these are the intended functionality, they represent a significant attack surface if the agent's logic is subverted via malicious input data.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:19 AM