posthog-migration-deep-dive

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill analyzes local source files to inventory integration points, creating an indirect prompt injection attack surface.
      • Ingestion points: Scans all local .ts and .py files using find and grep (SKILL.md).
      • Boundary markers: No markers or instructions are present to distinguish between data and instructions within the scanned source code.
      • Capability inventory: Uses Write, Edit, and Bash for npm, node, and kubectl operations (SKILL.md).
      • Sanitization: No sanitization or filtering of the scanned file content is performed.
  • [COMMAND_EXECUTION]: Employs shell commands (find, grep, wc, kubectl) to automate the migration assessment and deployment process, which is consistent with the skill's purpose.
  • [EXTERNAL_DOWNLOADS]: Installs the official @posthog/sdk from the well-known NPM registry.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 06:54 PM