sentry-react-sdk
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands to detect the project's framework, router, and dependencies.
  - Evidence: Commands such as `cat package.json | grep -E '"react"|"react-dom"'` and `ls vite.config.ts` are used in the detection phase to provide context-aware recommendations.
- [EXTERNAL_DOWNLOADS]: The skill directs users to install official Sentry SDK packages and plugins from the NPM registry.
  - Evidence: Installation commands include `npm install @sentry/react`, `@sentry/vite-plugin`, and `@sentry/webpack-plugin`.
- [REMOTE_CODE_EXECUTION]: The skill suggests using the official Sentry Wizard to automate configuration.
  - Evidence: The reference files recommend `npx @sentry/wizard@latest -i sourcemaps`. This execution is a standard vendor-provided utility for setting up build-time features.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests local project files (`package.json`, config files) to generate instructions.
  - Ingestion points: `package.json`, `vite.config.ts`, `../go.mod`, `../requirements.txt`, etc.
  - Boundary markers: Absent.
  - Capability inventory: Executes local read commands (`cat`, `ls`, `grep`) and provides code implementation steps.
  - Sanitization: Absent.
  - Note: The risk is considered negligible as it requires local file manipulation by an attacker and the resulting output is instructional for the user.
Audit Metadata