skills/getsentry/sentry/setup-dev/Gen Agent Trust Hub

setup-dev

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill downloads and executes shell scripts from external repositories to facilitate installation.
      • Fetches the Homebrew installation script from the official Homebrew GitHub repository.
      • Downloads the devenv installation script from the getsentry GitHub repository and pipes it directly to bash for execution.
  • [COMMAND_EXECUTION]: The skill performs various system configuration and application management commands.
      • Uses xcode-select, brew, and docker to manage system prerequisites and services.
      • Directly modifies shell configuration files (.zshrc, .bashrc) to update the system PATH and initialize environment hooks for direnv.
      • Executes devenv and devservices commands for environment synchronization and service orchestration.
      • Runs Sentry CLI tools to perform database migrations and initialize local application data.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for creating a local administrative user with a predefined password.
      • The command .venv/bin/sentry createuser includes the hardcoded password admin for initial setup in local development environments.
  • [EXTERNAL_DOWNLOADS]: The skill initiates the download of several software packages and service images.
      • Pulls multiple Docker images for services including PostgreSQL, Redis, Kafka, and ClickHouse as part of the application infrastructure setup.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface through its use of external documentation tools.
      • Ingestion points: The al_read_doc tool in SKILL.md reads content from the getsentry/devinfra-mcp documentation repository.
      • Boundary markers: Absent; there are no specified delimiters to separate external documentation content from agent instructions.
      • Capability inventory: The skill has extensive capabilities to execute shell commands and modify system configuration files.
      • Sanitization: Absent; the skill does not explicitly describe validation or sanitization of content retrieved from documentation repositories.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 20, 2026, 04:57 PM