sentry-code-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk through external GitHub Pull Request comments.
- Ingestion points: Data is fetched from GitHub API (gh api) and WebFetch targeting PR comments.
- Boundary markers: None. Instructions explicitly direct the agent to follow a specific section titled 'Prompt for AI Agent' within the untrusted external content without isolation.
- Capability inventory: The agent has access to high-impact tools including Bash, Edit, and Write, which can be misused if malicious instructions are processed.
- Sanitization: Limited. The skill relies on a simple username prefix check ('sentry') which can be spoofed in various PR environments.
Audit Metadata