diff --git a/src/psrt_ghsa_bot/_sentry_monitoring.py b/src/psrt_ghsa_bot/_sentry_monitoring.py
index 08e7f7c..2e20399 100644
--- a/src/psrt_ghsa_bot/_sentry_monitoring.py
+++ b/src/psrt_ghsa_bot/_sentry_monitoring.py
@@ -26,7 +26,7 @@ def init_sentry() -> None:
 )
-def capture_checkin(monitor_slug, status, duration=None, check_in_id=None):
+def capture_checkin(monitor_slug, status, duration=None, check_in_id=None) -> None | str:
 """Capture a Sentry cron check-in."""
 if not os.environ.get("SENTRY_DSN"):
 return None
@@ -40,3 +40,10 @@ def capture_checkin(monitor_slug, status, duration=None, check_in_id=None):
 )
 except ImportError, AttributeError:
 return None
+
+
+def capture_exception() -> None:
+ """Capture an exception if Sentry is active."""
+ if not os.environ.get("SENTRY_DSN"):
+ return
+ sentry_sdk.capture_exception()
diff --git a/src/psrt_ghsa_bot/app.py b/src/psrt_ghsa_bot/app.py
index ef46379..ab8f362 100644
--- a/src/psrt_ghsa_bot/app.py
+++ b/src/psrt_ghsa_bot/app.py
@@ -20,6 +20,7 @@
 STATUS_IN_PROGRESS,
 STATUS_OK,
 capture_checkin,
+ capture_exception,
 init_sentry,
 )
@@ -89,7 +90,9 @@ def get_repository_advisories(
 # 404 means no advisories or no access - that's okay
 if e.response.status_code == 404:
 return
- raise
+ # Capture the original exception in Sentry (private)
+ # and emit a sanitized public exception.
+ capture_exception()
 def github_client_request(client: typing.Any, method: str, url: str, params: dict[str, str | int]) -> typing.Any:
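Review bot: The new `capture_exception()` helper calls `sentry_sdk.capture_exception()` with no guard, while the neighbouring `capture_checkin` visibly handles `ImportError`/`AttributeError`, which suggests `sentry_sdk` may not be bound at module level (the imports are outside this hunk, so confirm). The helper is called from inside `except RequestFailed:` handlers, so anything it raises would carry the original `RequestFailed` as implicit context and print it in the traceback, undoing the sanitisation this commit is after. Make the helper unable to raise, for example by wrapping the call as `try:` / `sentry_sdk.capture_exception()` / `except Exception: return`, and add a comment saying that it must never raise because it runs inside exception handlers.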
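Review bot: The non-404 branch of the handler in `get_repository_advisories` no longer raises. The bare `raise` was replaced by `capture_exception()` alone, although the new comment promises a sanitized public exception. A failed advisory listing therefore ends the same way as the 404 "no advisories" case, and when `SENTRY_DSN` is unset nothing is recorded at all, so the bot can skip a repository's advisories without any signal. The two `apply_to_repo` handlers in this commit re-raise a sanitized error; this one should too, with `raise RuntimeError("Request to list repository advisories failed") from None` after `capture_exception()`. The function body starts above the hunk, so confirm how callers treat that error.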
@@ -161,9 +164,11 @@ def apply_to_repo(github: GitHub, owner: str, repo: str, cve_api: CveApi) -> Non
 repo=repo,
 ghsa_id=ghsa_id,
 )
- except RequestFailed as e:
- print(f" ⚠️ Error creating private fork: {e.response.json()}")
- raise e
+ except RequestFailed:
+ # Capture the original exception in Sentry (private)
+ # and emit a sanitized public exception.
+ capture_exception()
+ raise RuntimeError("Request to create a private fork failed") from None
 # Advisories that are in the 'draft' state without a CVE ID
 # should have one allocated by the PSF CVE Numbering Authority.
@@ -187,9 +192,11 @@ def apply_to_repo(github: GitHub, owner: str, repo: str, cve_api: CveApi) -> Non
 ghsa_id=ghsa_id,
 data=patch_data,
 )
- except RequestFailed as e:
- print(f" ⚠️ Error updating advisory: {e.response.json()}")
- raise e
+ except RequestFailed:
+ # Capture the original exception in Sentry (private)
+ # and emit a sanitized public exception.
+ capture_exception()
+ raise RuntimeError("Request to update advisory failed") from None
 print(" 💾 Updated advisory")
 else:
 print(" ⏭️ No updates needed")
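Review bot: When `SENTRY_DSN` is unset, `capture_exception()` returns without recording anything (per its definition in this commit), so both new handlers in `apply_to_repo` discard every detail of the failure, including the HTTP status. The status code is not advisory content and could stay in the public message: keep `except RequestFailed as e:` and use `raise RuntimeError(f"Request to create a private fork failed (HTTP {e.response.status_code})") from None`, and do the same in the update-advisory handler in the next hunk. Also note that `from None` only suppresses the chained traceback display. The original `RequestFailed` stays reachable through `__context__`, so any outer handler or reporter that walks it should be checked before relying on this for confidentiality. The body of `apply_to_repo` extends beyond both hunks.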