Skills
skills/phrazzld/claude-config/sentry-observability/Gen Agent Trust Hub

sentry-observability

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • Remote Code Execution (CRITICAL): The file scripts/_common.sh defines a function require_sentry_cli that instructs the agent to execute curl -sL https://sentry.io/get-cli/ | bash. This pattern executes a remote script without verification and is a high-risk security flaw.
  • External Downloads (HIGH): The scripts/init_sentry.sh script executes npx @sentry/wizard@latest, which downloads and runs remote code. It also installs multiple npm packages like @sentry/nextjs and @sentry/react.
  • Data Exfiltration (MEDIUM): The skill reads sensitive configuration files like .env.local and .sentryclirc to retrieve SENTRY_AUTH_TOKEN and then transmits this token to sentry.io via curl in the api_call function. While this is the intended functionality, the destination is not on the trusted whitelist and involves sensitive file access.
  • Command Execution (MEDIUM): The skill relies on numerous shell scripts to perform environment detection, file system modifications, and system interactions.
  • Indirect Prompt Injection (LOW): The scripts scripts/issue_detail.sh and scripts/list_issues.sh fetch issue titles and descriptions from the Sentry API and process them as raw data. An attacker could potentially influence agent behavior by injecting malicious instructions into Sentry issue metadata.
Recommendations
  • HIGH: Downloads and executes remote code from: https://sentry.io/get-cli/ - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 06:22 PM