Sentry

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Sentry management helper that uses Membrane for authentication and API access, with one destructive issue-delete capability users should handle carefully.

Install only if you want an agent to manage Sentry through Membrane. Use least-privilege Sentry access where possible, verify the organization/project/issue before any update or delete action, and require explicit confirmation before running destructive actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill explicitly documents destructive capabilities such as 'Delete Issue' but provides no guidance to require user confirmation, scope checks, or other safeguards before execution. In an agent setting, this increases the chance of accidental or unauthorized destructive operations against production incident data, especially if the model interprets a broad user request too aggressively.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal