posthog-incident-runbook

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve and decode Kubernetes secrets, exposing sensitive API keys in plain text to the session output.
    • Evidence: kubectl get secret posthog-secrets -o jsonpath='{.data.api-key}' | base64 -d in SKILL.md.
  • [COMMAND_EXECUTION]: The skill attempts to execute a shell script located at ./scripts/posthog-debug-bundle.sh which is not provided as part of the skill definition, representing an unverifiable command execution risk.
    • Evidence: ./scripts/posthog-debug-bundle.sh in SKILL.md.
  • [COMMAND_EXECUTION]: The skill performs high-privilege administrative actions on the production infrastructure, including modifying secrets, updating environment variables, and restarting deployments.
    • Evidence: kubectl apply, kubectl set env, and kubectl rollout restart commands in SKILL.md.
  • [PROMPT_INJECTION]: The skill ingests untrusted log data from production applications, creating an attack surface for indirect prompt injection if an attacker can control logged content.
    • Ingestion points: kubectl logs -l app=posthog-integration --since=5m in SKILL.md
    • Boundary markers: Absent
    • Capability inventory: kubectl, curl across SKILL.md
    • Sanitization: Absent
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 12:12 AM