posthog-automation
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration requires connecting to an external MCP server hosted at https://rube.app/mcp. This is a third-party service used to provide the tool functionality.
- [DATA_EXFILTRATION]: The skill is designed to access and manage sensitive analytics data from PostHog, including project configurations, user profiles, and event details. This data is processed locally by the agent or through the connected MCP server to perform automation tasks.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it retrieves and processes data from an external source (PostHog). Malicious content embedded in event data or feature flag descriptions could potentially influence the agent's logic.
  - Ingestion points: POSTHOG_LIST_AND_FILTER_PROJECT_EVENTS and POSTHOG_RETRIEVE_FEATURE_FLAG_DETAILS in SKILL.md.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: Tool-based capabilities for writing to the PostHog API (capturing events, creating/modifying feature flags).
  - Sanitization: No explicit data sanitization or validation logic is defined within the skill file.