posthog-data-handling
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious patterns or security risks were detected in the skill's instructions or implementation examples.
- [EXTERNAL_DOWNLOADS]: The skill uses
fetchto interact with official PostHog API endpoints (us.i.posthog.com) for tasks such as data deletion and querying. These references target a well-known service and are consistent with the skill's stated purpose. - [CREDENTIALS_UNSAFE]: The implementation patterns correctly handle sensitive information by referencing environment variables (e.g.,
POSTHOG_PERSONAL_API_KEY,POSTHOG_PROJECT_ID) instead of using hardcoded secrets. - [PROMPT_INJECTION]: The skill templates for data lookups and exports interpolate identifiers into URLs and HogQL queries. While this creates a potential surface for indirect injection if processing untrusted data, the logic is provided as a standard implementation pattern for compliance workflows.
Audit Metadata