sentry-code-review

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to extract and follow instructions from an external source (GitHub PR comments).
      • Ingestion points: Pull request comment bodies are fetched from GitHub via the gh api command or the WebFetch tool.
      • Boundary markers: Absent. The skill specifically directs the agent to 'Read the Prompt for AI Agent section for specific context', without providing instructions to ignore potentially malicious commands within that text.
      • Capability inventory: The agent is granted high-privilege tools including Bash, Edit, Write, and WebFetch, which could be leveraged to perform unauthorized actions if the agent obeys an injected instruction.
      • Sanitization: No sanitization or validation is performed on the comment body; the skill only applies a basic username filter (startswith("sentry")), which can be bypassed by giving a malicious bot a username that also starts with "sentry".
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to interact with the system and external APIs.
      • Evidence: The workflow executes gh api commands to retrieve repository data, using string interpolation for repository and pull request identifiers.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 03:55 PM