Security Audit

sentry

github.com/tech-leads-club/agent-skills

AI SkillCommit f4b5c7d699b8

TRUSTED

Scanned about 2 months ago

Critical

Immediate action required

High

Priority fixes suggested

Medium

Best practices review

Low

Acknowledged / Tracked

Trust Assessment

sentry received a trust score of 84/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.

SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 1 low severity. Key findings include Suspicious import: urllib.request, Sensitive environment variable access: $HOME, PII redaction bypass option via prompt injection.

The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.

Last analyzed on February 11, 2026 (commit f4b5c7d6). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.

Layer Breakdown

Manifest Analysis

100%

Static Code Analysis

86%

Dependency Graph

100%

LLM Behavioral Safety

98%

Behavioral Risk Signals

Network Access

1 finding

Shell Execution

2 findings

Dynamic Code

1 finding

Excessive Permissions

2 findings

Security Findings3

Severity	Finding	Layer	Location
MEDIUM	Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration.	Static	packages/skills-catalog/skills/(monitoring)/sentry/scripts/sentry_api.py:10
MEDIUM	Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated.	Static	packages/skills-catalog/skills/(monitoring)/sentry/SKILL.md:28
LOW	PII redaction bypass option via prompt injection The `sentry_api.py` script includes a `--no-redact` argument that, if used, bypasses the PII redaction explicitly mandated by the `SKILL.md`'s 'Output formatting rules'. While the skill instructs the LLM to redact PII, a malicious prompt could attempt to inject `--no-redact` into the command, leading to the exposure of sensitive information like emails and IP addresses in the output. The default behavior of the script is to redact, but the option to disable it exists, creating a potential prompt injection vector for PII exfiltration. Remove the `--no-redact` argument from the script to enforce PII redaction at all times, aligning strictly with the skill's stated security policy. If unredacted data is ever needed, it should be obtained through a separate, explicitly authorized process, not via the AI agent.	LLM	scripts/sentry_api.py:170

Scan History

Embed Code

[![SkillShield](https://skillshield.io/api/v1/badge/0579ed1a1f7f3a15.svg)](https://skillshield.io/report/0579ed1a1f7f3a15)