configure-sentry

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill performs scans for sensitive information and accesses restricted configuration files as part of its auditing process.
      • Evidence: Searches for SENTRY_DSN and SENTRY_AUTH_TOKEN within source files, .env files, and GitHub workflow YAMLs to ensure security compliance.
  • [PROMPT_INJECTION]: The skill processes untrusted data from local project files which could potentially be manipulated to influence agent behavior.
      • Ingestion points: Reads files such as package.json, pyproject.toml, and .project-standards.yaml to determine project status.
      • Boundary markers: No explicit delimiters are used to distinguish untrusted file content from the agent's logic.
      • Capability inventory: The skill has access to Bash, Write, and Edit tools, which could be misused if malicious content in the files influences the agent's actions.
      • Sanitization: There is no evidence of content sanitization or validation before the data is used in decision-making steps.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands to perform file searches and audit source code.
      • Evidence: Uses find and grep/ripgrep to locate initialization files and detect hardcoded Sentry credentials.
  • [EXTERNAL_DOWNLOADS]: Fetches version information for SDKs from trusted package registries.
      • Evidence: Checks latest versions for @sentry/node, @sentry/vue, and sentry-sdk via npmjs.com and pypi.org using WebFetch.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 5, 2026, 12:58 PM