Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/posthog-observability/Gen Agent Trust Hub

posthog-observability

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Employs shell commands with curl and jq to query PostHog APIs for monitoring metrics.
  • [DATA_EXFILTRATION]: Performs network requests to app.posthog.com to fetch data from a well-known observability service.
  • [PROMPT_INJECTION]: Identifies a potential surface for indirect prompt injection due to the ingestion of data from external PostHog APIs. 1. Ingestion points: SKILL.md (Step 1 and Step 3). 2. Boundary markers: No delimiters or specific instructions are provided to the agent to ignore instructions embedded in the API response data. 3. Capability inventory: The skill is configured to use Read, Write, and Edit tools. 4. Sanitization: Uses jq and JSON.parse() for structural extraction, but does not provide sanitization of data content against embedded prompt instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 27, 2026, 05:50 PM