sentry-create-alert
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill constructs multiple shell commands using variables such as {org}, {token}, and {payload}. In Phase 4, the execution of curl -d '{payload}' is particularly risky if the agent does not properly escape the payload string, potentially allowing for command injection if an attacker can influence the configuration values.
- CREDENTIALS_UNSAFE (MEDIUM): The skill explicitly requests and utilizes a Sentry Organization Auth Token. Handling this token within shell commands and environment variables increases the risk of credential exposure in system logs, shell history, or process monitoring tools.
- INDIRECT_PROMPT_INJECTION (LOW): (Category 8) The skill ingests untrusted data from Sentry API endpoints in Phase 2 (member emails, team names, integration names).
  - Ingestion points: SKILL.md (Phase 2 API calls to /members/, /teams/, and /integrations/).
  - Boundary markers: Absent; the agent is not instructed to ignore instructions embedded in the API responses.
  - Capability inventory: Subprocess execution (curl, python3), network write operations (POST, DELETE).
  - Sanitization: Absent; the skill does not include logic to sanitize or validate the strings returned from the Sentry API before they are processed by the agent.
Audit Metadata