posthog-incident-runbook

The skill's described capabilities and its operational footprint align with a legitimate PostHog incident response workflow. It uses standard, auditable tooling for triage, remediation, and post-incident analysis. While reasonable, the credential access (reading and rotating Kubernetes secrets) and direct deployment modifications introduce elevated risk and require strict access controls, approvals, and logging to prevent misuse. Overall, the skill is Benign with elevated risk due to privilege-sensitive operations; treat as Suspicious if run in uncontrolled contexts or with wildcard/unchecked permissions.