The Agent Skills Directory

Command Execution (MEDIUM): The skill directs the agent to execute curl commands and pipe the output into inline Python scripts (python3 -c). This pattern involves shell execution and interpolation of variables like {org}, {token}, and {payload} which can lead to shell injection if the agent provides malformed input.
Dynamic Execution (MEDIUM): Phase 2 utilizes inline Python scripts with placeholder strings (e.g., USER_EMAIL). If the agent replaces these placeholders without proper escaping, it could result in arbitrary Python code execution.
Indirect Prompt Injection (LOW): The skill ingests and processes data from external Sentry API endpoints (members, teams, integrations) without boundary markers or sanitization, creating an attack surface where malicious data within the Sentry account could influence the agent.
Ingestion points: SKILL.md (Phase 2 and Phase 5)
Boundary markers: Absent
Capability inventory: Subprocess calls via curl and python3 across Phase 2, 4, and 5.
Sanitization: Absent; the skill relies on direct output from curl into the Python parser.
Credential Handling (SAFE): The skill appropriately requests the Sentry auth token from the user at runtime and uses it in standard Authorization headers, avoiding hardcoded secrets.

sentry-create-alert