sentry-pr-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through GitHub PR comments.
      • Ingestion points: The workflow in SKILL.md uses the GitHub CLI (gh api) to fetch comment data from external PRs.
      • Boundary markers: Absent. The skill explicitly instructs the agent to parse and follow instructions within a block titled "Prompt for AI Agent" found in the external comment body.
      • Capability inventory: The agent has permissions to read the local filesystem and modify code ("Implement fix"), which could be abused if malicious instructions are injected into a comment.
      • Sanitization: The skill performs minimal sanitization, relying solely on a username prefix check (startswith("sentry")) to verify the source of the instructions.
  • COMMAND_EXECUTION (SAFE): Use of the GitHub CLI (gh) for fetching PR metadata is a standard operation for this type of skill and does not involve executing arbitrary user-provided shell commands.
  • DATA_EXFILTRATION (SAFE): No evidence of hardcoded credentials, access to sensitive environment files (like .env or .ssh), or network requests to untrusted domains was found.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:01 PM