configure-sentry

The skill correctly encapsulates required operations to detect and configure Sentry integrations, but its combination of automated file writes, CI workflow edits, and package installs poses meaningful supply-chain and secrets-exposure risks if used without strict controls. I found no explicit malicious code or exfiltration channels in the specification itself; the primary concerns are misuse or insufficient safeguards (unconfirmed --fix, unpinned installs, lack of report sanitization). Recommend adding explicit confirmations, version pinning and integrity verification, redaction of secrets in outputs, and human review for CI workflow changes.