sentry-php-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing official Sentry SDK packages including sentry/sentry, sentry/sentry-laravel, and sentry/sentry-symfony via the Composer package manager. These are well-known, official libraries from a trusted vendor.
- [COMMAND_EXECUTION]: The skill utilizes local shell commands like grep, ls, and cat to detect project frameworks (Laravel, Symfony) and existing dependencies. These commands are diagnostic and scoped to the project's local metadata and directory structure.
- [DATA_EXFILTRATION]: The SDK is configured to transmit error, tracing, and profiling data to Sentry's official ingestion endpoints (e.g., ingest.sentry.io). This is the core functional purpose of the skill and is handled via standard configuration patterns.
- [PROMPT_INJECTION]: The skill ingests untrusted data from project configuration files (composer.json, package.json) to detect framework versions. While these files are external, the processing (grep/ls) does not involve complex prompt interpolation or high-privilege capabilities, resulting in a negligible risk of indirect prompt injection.