Create a code review skill that detects prompt injection risks in error messages returned to AI agents.
Problem
AI agents can be manipulated through error messages. Untrusted content (from Sentry API responses, user input) flowing into error messages creates prompt injection vectors.
What the skill should check
- Error messages returned to agents come only from controlled sources (ApiClientError.toUserMessage(), our own UserInputError strings)
- No string interpolation of untrusted data into error messages
- agentTool() wrapper used correctly for embedded agent tools
- No raw exception messages passed through to responses
Pattern violations to catch
```ts
// BAD
throw new UserInputError(`Failed: ${apiResponse.detail}`);
return { error: err.message };
// GOOD
throw new UserInputError("Issue not found. Check the ID format.");
return { error: apiClientError.toUserMessage() };
```
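A line-based heuristic for the BAD patterns listed above, as an added example that is not code from this codebase. The names `RULES` and `findErrorMessageViolations`, the regexes, and the string-concatenation rule (a generalization of the interpolation case) are assumptions; a reviewer still has to confirm whether the flagged value is actually untrusted.

```javascript
// Added example: flags error-message construction that a reviewer should inspect.
// RULES and findErrorMessageViolations are hypothetical names, not project APIs.
const RULES = [
  {
    id: "interpolated-user-input-error",
    // new UserInputError(`...${expr}...`): any interpolation into the message
    pattern: /new\s+UserInputError\(\s*`[^`]*\$\{/,
  },
  {
    id: "concatenated-user-input-error",
    // new UserInputError("..." + expr): same risk via string concatenation
    pattern: /new\s+UserInputError\([^)]*["']\s*\+/,
  },
  {
    id: "raw-exception-message",
    // { error: err.message }: raw exception text passed through to the response
    pattern: /\berror\s*:\s*\w+(\.\w+)*\.message\b/,
  },
];

// Returns one finding per (line, rule) match; line numbers are 1-based.
function findErrorMessageViolations(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ line: i + 1, rule: rule.id, text: text.trim() });
      }
    }
  });
  return findings;
}

// Sample input: the four lines from the issue plus one constructed
// concatenation case (line 5).
const SAMPLE = [
  "throw new UserInputError(`Failed: ${apiResponse.detail}`);",
  "return { error: err.message };",
  'throw new UserInputError("Issue not found. Check the ID format.");',
  "return { error: apiClientError.toUserMessage() };",
  'throw new UserInputError("Failed: " + apiResponse.detail);',
].join("\n");

for (const f of findErrorMessageViolations(SAMPLE)) {
  console.log(`line ${f.line}: ${f.rule}: ${f.text}`);
}
```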
Acceptance criteria
- Skill document created following agentskills.io format
- Covers all prompt injection vectors in error handling
- Includes concrete examples from this codebase
- Can be used by code review agents to catch real issues