sentry-create-alert
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands to perform HTTP requests and uses Python scripts to parse the resulting data. Evidence: Phase 2 and Phase 4 use `curl` to reach API endpoints and `python3 -c` to extract IDs from the JSON response.
- [EXTERNAL_DOWNLOADS]: Communicates with external Sentry API endpoints to retrieve and update alert configurations. Evidence: Requests are made to subdomains of `sentry.io`, a well-known service.
- [PROMPT_INJECTION]: Ingests and processes untrusted data from API responses, which could potentially contain malicious instructions.
  - Ingestion points: Member emails, team names, and integration metadata from Sentry API.
  - Boundary markers: None; the output of the data extraction is passed directly to the agent.
  - Capability inventory: Subprocess execution for shell and Python tasks.
  - Sanitization: None; the logic extracts and prints values from the API response without validation.
Audit Metadata