sentry-backend-bugs
Pass
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze external, untrusted code diffs. Ingestion points: Scoped code chunks from the 'Warden diff pipeline' are processed as described in SKILL.md. Boundary markers: The skill lacks specific instructions or markers to distinguish untrusted data from instructions. Capability inventory: The agent is granted access to high-privilege tools including Bash, Read, Grep, and Glob. Sanitization: No evidence of input validation or sanitization of the provided code chunks was found.
- [COMMAND_EXECUTION]: The skill requests permission to use the Bash shell tool. This capability, while intended for legitimate code tracing, provides a powerful execution environment that could be exploited if the agent is compromised by malicious instructions within the analyzed code.
Audit Metadata