Skills
skills/getsentry/sentry-agent-skills/sentry-pr-code-review/Gen Agent Trust Hub

sentry-pr-code-review

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is designed to extract and follow a specific 'AI Prompt' block from GitHub PR comments. \n
  • Ingestion points: GitHub PR comment body fetched via gh api. \n
  • Boundary markers: Absent. \n
  • Capability inventory: gh CLI and File System (write). \n
  • Sanitization: Absent. The workflow blindly parses the comment body and treats the 'AI Prompt' sections as instructions. \n- COMMAND_EXECUTION (SAFE): The skill uses the GitHub CLI (gh) to fetch data. This is the intended mechanism for data retrieval. \n- AUTHENTICATION (LOW): The skill filters for comments where the username starts with 'sentry'. This is a weak check that could be bypassed by malicious users (e.g., 'sentry-impersonator'), allowing them to supply the 'AI Prompt' used for code modification.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 03:07 PM