sentry-react-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands (e.g., cat, ls, grep) to perform environment discovery. These commands are used to identify the React version, installed routers (React Router, TanStack), and build tools (Vite, Webpack) to tailor the configuration advice. All commands use static, hardcoded file paths and do not incorporate untrusted input.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install official Sentry packages, specifically @sentry/react and associated build plugins (Vite, Webpack, CRACO). These are legitimate vendor resources necessary for the skill's primary function.
- [REMOTE_CODE_EXECUTION]: The documentation recommends using the official Sentry wizard (npx @sentry/wizard@latest) for automated source map configuration. This is a standard, trusted tool provided by the vendor to simplify complex setup tasks.
- [CREDENTIALS_UNSAFE]: The skill references sensitive configuration items such as SENTRY_AUTH_TOKEN and SENTRY_DSN. It follows security best practices by explicitly advising users to store these in environment variables (e.g., .env.sentry-build-plugin) and providing warnings against committing these secrets to version control.
- [DATA_EXFILTRATION]: While the skill facilitates the transmission of telemetry, error logs, and performance data to Sentry's infrastructure (e.g., sentry.io), this behavior is the core intended purpose of the SDK. The 'Session Replay' feature includes detailed guidance on privacy controls (masking text, blocking sensitive UI elements) to prevent the accidental capture of PII.
Audit Metadata