sentry-setup-logging
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL PROMPT_INJECTION SAFE
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The skill provides examples of logging data (like userId or orderId) that may originate from untrusted user input. If these logs are subsequently processed by an AI agent, they could influence its behavior. Mandatory Evidence:
  1. Ingestion points: Log message parameters in JavaScript, Python, and Ruby snippets.
  2. Boundary markers: Absent.
  3. Capability inventory: Writing data to external Sentry infrastructure.
  4. Sanitization: No sanitization or escaping of log content is shown.
- [SAFE] (SAFE): False Positive Alert. The automated scan flagged Sentry.logger.info as a malicious URL; however, this is a standard programmatic API call within the Sentry SDK and does not represent a network threat.
- [COMMAND_EXECUTION] (SAFE): Shell commands used (grep, pip show, bundle show) are standard diagnostic operations used to verify software versions and do not pose a security risk.
- [CREDENTIALS_UNSAFE] (SAFE): The skill uses the placeholder 'YOUR_DSN', which is the recommended practice for documentation to avoid leaking active credentials.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata