cli-sentry
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The script
scripts/check-sentry.shexplicitly suggests a piped remote execution pattern for installation:curl -sL https://sentry.io/get-cli/ | bash. This is a classic RCE vector that bypasses package manager safety checks and executes unverified remote content directly in the shell. - [CREDENTIALS_UNSAFE] (HIGH): The skill is designed to read and export sensitive authentication data from
~/.sentryclircand environment variables. Thelib.shhelper andscripts/check-sentry.shlogic retrieveSENTRY_AUTH_TOKEN, exposing raw API credentials to the agent's processing environment. - [COMMAND_EXECUTION] (MEDIUM):
scripts/sentry-api.shprovides a wrapper for making authenticated HTTP requests. While it attempts to block theDELETEmethod, it allows arbitraryGET,POST, andPUTrequests to the Sentry API using placeholders. This creates a surface where a malicious prompt could trick the agent into performing unauthorized state-changing operations on the user's Sentry projects. - [EXTERNAL_DOWNLOADS] (MEDIUM): The skill performs multiple unpinned network operations using
curltohttps://sentry.io. While targeting a reputable service, the lack of integrity checks on the downloaded content (especially in the suggested installation command) poses a supply-chain risk. - [DATA_EXFILTRATION] (LOW): By design, the skill fetches issues and event data from Sentry. While this is the intended purpose, it involves pulling potentially sensitive application error data (including stack traces and user context) into the agent's context.
Recommendations
- HIGH: Downloads and executes remote code from: https://sentry.io/get-cli/ - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata