sentry-nestjs-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses standard shell utilities (grep, ls) and Node.js commands to inspect the local project environment for the purpose of configuration discovery. These operations are read-only and restricted to local project metadata.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing official Sentry packages, such as @sentry/nestjs and @sentry/profiling-node, from the npm registry. These are trusted vendor resources.
  • [DATA_EXFILTRATION]: Configuration templates emphasize the use of environment variables for the Sentry DSN, which is a security best practice. The documentation provides clear privacy warnings regarding the capture of PII (Personally Identifiable Information) when enabling specific monitoring features like AI prompt tracking.
  • [PROMPT_INJECTION]: The skill gathers project context from files like package.json and source code. While this constitutes an ingestion surface for indirect prompt injection, the skill uses this data solely for local configuration guidance without executing any instructions contained within the scanned files.
      • Ingestion points: package.json, main.ts, and project directory listings.
      • Boundary markers: Absent.
      • Capability inventory: npm installation and file system reads.
      • Sanitization: Absent.
    The risk is assessed as safe given the non-executable nature of the processed data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 06:49 AM