error-tracking
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill implements patterns for capturing application errors and metadata. While this creates a surface where untrusted data (like error messages or user IDs) is processed and sent to an external service, the risk is mitigated by explicit safety instructions.
  - Ingestion points: Data enters the telemetry stream via `Sentry.captureException` and helper methods described in `SKILL.md`.
  - Boundary markers: The skill contains multiple warnings (e.g., '❌ NEVER expose sensitive data in error context') and a checklist to prevent PII/sensitive data leakage.
  - Capability inventory: The skill uses the `@sentry/node` package to transmit data to the configured DSN.
  - Sanitization: Instructions require manual validation to ensure no sensitive content is interpolated into error logs.
  - Note: Severity is downgraded to SAFE as the surface is fundamental to the skill's primary purpose and includes sufficient mitigation guidance.
- Data Exposure & Exfiltration (SAFE): The skill facilitates sending application data to an external Sentry endpoint.
  - Evidence: The skill provides initialization and capture patterns in `SKILL.md` using the `@sentry/node` library.
  - Mitigation: The skill correctly utilizes environment variables (e.g., `process.env.SENTRY_DSN`) and configuration placeholders instead of hardcoded secrets, and it includes robust warnings against the exposure of sensitive data.
Audit Metadata