sentry-react-native-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses discovery commands such as `cat`, `grep`, `ls`, and `find` to identify project dependencies, navigation libraries, and build configurations. These are standard reconnaissance steps used to determine the correct setup path for the SDK.
- [COMMAND_EXECUTION]: An inline Python script is used to parse `app.json` for environment detection, which is a benign utility function.
- [REMOTE_CODE_EXECUTION]: Recommends executing the official `@sentry/wizard` via `npx` to automate the installation of the SDK, configuration of native build phases, and source map upload logic. As a tool provided by the authoring vendor (getsentry), this is considered safe.
- [EXTERNAL_DOWNLOADS]: Facilitates the installation of the `@sentry/react-native` SDK and other ecosystem dependencies (e.g., navigation and state management libraries) through standard package managers like npm, yarn, and expo.
- [COMMAND_EXECUTION]: Guides the user to integrate Sentry-provided shell scripts (`sentry-xcode.sh`, `sentry-xcode-debug-files.sh`) and Gradle plugins (`sentry.gradle`) into the native build process. These scripts are part of the official SDK and are necessary for performance features and source map management.
- [SAFE]: The skill provides clear guidance on managing sensitive credentials, specifically advising that `SENTRY_AUTH_TOKEN` should be handled via environment variables or CI secrets rather than being committed to version control.
Audit Metadata