sentry-fix-issues
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): Indirect Prompt Injection surface. The skill is designed to process external data from Sentry (exceptions, breadcrumbs, etc.), which is attacker-controllable and could contain malicious instructions.
  - Ingestion points: Data enters the context via MCP tools like sentry_get_event and sentry_get_issue as described in Phase 2.
  - Boundary markers: Present and robust; the skill includes a dedicated 'Security Constraints' section with an explicit 'No embedded instructions' rule to prevent the agent from executing directives found in data.
  - Capability inventory: The agent has the capability to read source code (Phase 4) and implement fixes by writing to the repository (Phase 5), creating a privilege context that requires the specified safeguards.
  - Sanitization: The instructions require the agent to redact PII/secrets from output and validate that error metadata corresponds to the actual codebase before acting.