posthog-incident-runbook
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill contains instructions to retrieve, decode, and display Kubernetes secrets (api-key) in plain text, exposing sensitive credentials to the agent's context.
- [COMMAND_EXECUTION]: The skill executes high-privilege cluster operations, including modifying deployment environment variables (kubectl set env), restarting production services, and executing a local script (./scripts/posthog-debug-bundle.sh) that is not included in the provided file set.
- [PROMPT_INJECTION]: The skill processes untrusted external data from application logs (kubectl logs) and health check endpoints without sanitization or boundary markers, creating a surface for indirect prompt injection.
- [SAFE]: Fetches status information from PostHog's official status page.
Recommendations
- AI detected serious security threats