configure-sentry

Warn

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes dynamic context injection (the ! command syntax) to execute shell commands when the skill is loaded. Several of these commands target sensitive project areas, such as searching .env files and .github/workflows/ for SENTRY_DSN patterns. While intended to facilitate a security audit, silent execution of such discovery commands at load time is a privacy and security concern.
  • [COMMAND_EXECUTION]: Provides templates and instructions for the agent to use shell tools like find, grep, and rg (ripgrep) to identify hardcoded secrets and analyze project dependencies. These are powerful capabilities that, while relevant to the skill's utility, could be misused if the agent is subverted.
  • [EXTERNAL_DOWNLOADS]: Instructs the agent to fetch the latest SDK versions from well-known package registries including npm and PyPI. These operations are performed via WebSearch or WebFetch to ensure dependency compliance and are considered safe within the context of developer tooling.
  • [DATA_EXFILTRATION]: The skill is designed to locate and manage sensitive configuration data, specifically Sentry DSNs and Auth Tokens. It implements a 'Security Check' step to find hardcoded credentials. Although the objective is remediation (moving secrets to environment variables), the logic provides a template for identifying and accessing credentials across the file system, which represents a data exposure surface.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Apr 21, 2026, 01:17 AM