sentry-fix-issues
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill ingests untrusted data from Sentry (Phases 1 & 2) and uses it to drive code investigation (Phase 4) and implementation of fixes (Phase 5). This creates a high-risk surface where external attackers can influence the agent's code-writing actions.
- Ingestion points: Sentry issue data, including exception messages, breadcrumbs, and request data via tools like sentry_get_event and sentry_get_issue.
- Boundary markers: Absent. The instructions do not provide delimiters or warnings to ignore instructions embedded in the Sentry data.
- Capability inventory: Reading local source files, accessing git history (git log, git blame), and modifying/writing code and tests in the local environment.
- Sanitization: Absent. The skill does not perform any validation or filtering of Sentry data before using it for reasoning or code generation.
- Data Exposure (MEDIUM): The skill intentionally accesses sensitive data from Sentry replays and request contexts (Phase 2). While functional, this increases the risk that an attacker-controlled injection could pivot to exfiltrating this PII or session data via the code-modification capabilities.
Recommendations
- AI detected serious security threats
Audit Metadata