posthog-automation

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs users to configure https://rube.app/mcp as an MCP server endpoint. This domain is not recognized as a trusted organization or well-known service in the provided safety guidelines.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from an external source (PostHog) and possesses capabilities to act on that environment.
      • Ingestion points: POSTHOG_LIST_AND_FILTER_PROJECT_EVENTS and POSTHOG_LIST_AND_MANAGE_PROJECT_FEATURE_FLAGS in SKILL.md retrieve event properties and flag configurations.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the skill definition.
      • Capability inventory: The skill can capture events (POSTHOG_CAPTURE_EVENT) and modify project configurations (POSTHOG_CREATE_FEATURE_FLAGS_FOR_PROJECT).
      • Sanitization: There is no evidence of sanitization or schema validation for data returned from PostHog API calls before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 07:56 AM