openai-sentry
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection. (1) Ingestion points: Sentry issue and event data retrieved in scripts/sentry_api.py. (2) Boundary markers: Absent; nothing tells the agent to ignore instructions embedded in the logs. (3) Capability inventory: The agent is granted Bash, Write, and Edit tools in SKILL.md, and the Python script performs network operations. (4) Sanitization: scripts/sentry_api.py redacts PII such as emails and IPs, but it does not sanitize or filter the log content for malicious instructions or prompt overrides.
- COMMAND_EXECUTION (MEDIUM): SKILL.md grants the agent high-privilege capabilities including Bash and file editing. This creates a dangerous execution surface if the agent follows instructions found within the processed Sentry data.
- DATA_EXFILTRATION (LOW): The skill performs network requests to sentry.io. Risk is mitigated by documentation that correctly advises the user to use environment variables and read-only tokens rather than providing credentials in the chat.
Recommendations
- AI detected serious security threats