sentry-server
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to ingest untrusted data (existing project code) and possesses high-privilege write capabilities with no human-in-the-loop requirement.
- Ingestion points: Scans and reads files across
src/lib/actions/,src/lib/facades/,src/lib/middleware/,src/app/api/, andsrc/instrumentation.ts. - Boundary markers: Absent. The skill lacks instructions to use delimiters or ignore embedded directives within the files it analyzes.
- Capability inventory: Authorized to "Auto-fix all violations (no permission needed)" across all targeted files, including security-critical files like
src/middleware.ts(authentication/authorization) andsrc/instrumentation.ts. - Sanitization: Absent. There is no requirement for the agent to validate that the "violations" or the "fixes" aren't influenced by malicious content inside the code being processed.
- Risk: An attacker could place malicious instructions inside a code comment or string in an API route or server action. When the agent scans this file for Sentry violations, it could be tricked into modifying
middleware.tsto bypass security checks under the guise of "fixing" Sentry patterns.
Recommendations
- AI detected serious security threats
Audit Metadata