skills/iofficeai/aionui/fix-sentry/Gen Agent Trust Hub

fix-sentry

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection. It ingests untrusted error messages and stack traces from Sentry via mcp__sentry__get_issue_details and uses this data to drive code modification and test creation in Phase 2. An attacker who can trigger specific application errors can potentially influence the agent's behavior.
      • Ingestion points: Sentry issue details and error messages are fetched and processed during Phase 1 (SKILL.md Step 1.5).
      • Boundary markers: The instructions do not define any delimiters or warnings to ignore embedded instructions within the fetched Sentry data.
      • Capability inventory: The skill has extensive capabilities including file system writes, git operations (commit, push), GitHub PR management (gh CLI), and execution of project scripts (bun run, node).
      • Sanitization: No sanitization or validation of the fetched Sentry content is performed before it is used to influence agent actions.
  • [COMMAND_EXECUTION]: The skill performs extensive command-line operations to manage the development workflow. This includes git for branch management and commits, the gh CLI for pull requests, and bun/node for running linters, tests, and custom scripts (e.g., prek, check-i18n.js). Additionally, it uses mcp__chrome-devtools__evaluate_script to execute arbitrary JavaScript in the application's renderer process during verification.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 05:01 AM