skills/jeremylongshore/claude-code-plugins-plus-skills/sentry-release-management/Gen Agent Trust Hub
sentry-release-management
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill performs shell operations using `sentry-cli` and `git` to manage the release lifecycle, including commit association and artifact uploads. This behavior is consistent with the skill's stated purpose and configuration.
- [EXTERNAL_DOWNLOADS]: The instructions include the installation of the `@sentry/cli` package via npm. Sentry is a well-known service provider, and this dependency is expected for the skill's functionality.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by interpolating data from project files into shell commands.
  * Ingestion points: Reads version info from `package.json` using `node -p` and commit identifiers via `git rev-parse`.
  * Boundary markers: Absent; data is directly used in shell command strings.
  * Capability inventory: Executes `bash` commands for `sentry-cli`, `git`, and `node`.
  * Sanitization: No explicit escaping or validation is performed on the data extracted from `package.json` or `git` before usage in shell commands.