Skills
skills/aaaaqwq/claude-code-skills/posthog-automation/Gen Agent Trust Hub

posthog-automation

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill requires the user to add an external MCP server (https://rube.app/mcp). This source is not listed in the Trusted External Sources (e.g., Anthropic, OpenAI, Microsoft), meaning its behavior and the safety of the code it provides to the agent cannot be verified by the analyzer.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection through data ingested from PostHog.
  • Ingestion points: Event data, property values, and feature flag configurations retrieved via POSTHOG_LIST_AND_FILTER_PROJECT_EVENTS and POSTHOG_RETRIEVE_FEATURE_FLAG_DETAILS (SKILL.md).
  • Boundary markers: None identified in the skill instructions to separate data from instructions.
  • Capability inventory: The skill can write data back to the network and modify configurations using POSTHOG_CAPTURE_EVENT and POSTHOG_CREATE_FEATURE_FLAGS_FOR_PROJECT (SKILL.md).
  • Sanitization: No sanitization or validation logic is defined to prevent the agent from interpreting instructions found within PostHog event properties.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 03:09 PM