posthog-security-basics
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill promotes secure secret management by instructing users to use environment variables and .gitignore files, preventing the exposure of credentials in version control.
- [SAFE]: Network operations are restricted to health checks against the official PostHog API, a well-known service; this is standard practice for validating configuration.
- [SAFE]: Code templates for webhook signature verification use industry-standard cryptographic methods to ensure data integrity.
- [SAFE]: Indirect Prompt Injection Surface Analysis: (1) Ingestion points: The verifyWebhookSignature function in SKILL.md processes external string payloads; (2) Boundary markers: Absent; (3) Capability inventory: Restricted to standard platform tools Read, Write, and Grep as defined in SKILL.md frontmatter; (4) Sanitization: Cryptographic signature verification is used for authentication.
Audit Metadata