sentry-pr-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the gh api command to interact with GitHub repositories and retrieve pull request comments. This is a legitimate use of a well-known service to perform its stated function.
  • [PROMPT_INJECTION]: The skill extracts an 'AI Prompt' from external PR comments and is instructed to follow it to implement fixes.
    • Ingestion points: Untrusted data enters the agent context via GitHub PR comments fetched in Phase 1 (SKILL.md).
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are used when interpolating the extracted prompt into the agent's workflow.
    • Capability inventory: The agent has permissions to read and write files and generate summary reports.
    • Sanitization: The skill verifies that the commenter is sentry[bot], which limits the attack surface to Sentry's infrastructure, but it does not sanitize or validate the content of the comment itself.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 09:44 PM