sentry-automation
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the configuration of an external MCP server at
https://rube.app/mcp. This server provides the tool definitions and acts as the interface for Sentry automation. Users should verify the reliability of this endpoint as it resides outside the provided trusted vendors list.\n- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to its interaction with external Sentry data.\n - Ingestion points: Untrusted data enters the agent context through tools such as
SENTRY_LIST_AN_ISSUES_EVENTSandSENTRY_RETRIEVE_AN_ISSUE_EVENT, which fetch issue descriptions, stack traces, and tag data from Sentry.\n - Boundary markers: The skill instructions do not specify any delimiters or safety prompts to prevent the agent from executing instructions potentially hidden in Sentry error reports.\n
- Capability inventory: The skill includes write-access tools such as
SENTRY_CREATE_PROJECT_RULE_FOR_ALERTS,SENTRY_CREATE_RELEASE_FOR_ORGANIZATION, andSENTRY_UPDATE_A_MONITOR, which could be exploited if an injection occurs.\n - Sanitization: No sanitization or validation logic is defined to inspect or clean the data retrieved from Sentry before processing.
Audit Metadata