posthog-webhooks-events
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill facilitates API calls to 'app.posthog.com' for managing events and actions. This interaction is consistent with the skill's stated purpose and targets a well-known service. Authentication is handled safely via environment variables.
- [INDIRECT_PROMPT_INJECTION]: The skill provides code to ingest data via HTTP webhooks and query the PostHog API. While this defines a data ingestion surface, the implementation guide uses standard handlers and the skill does not contain logic that would lead to unintended command execution based on untrusted input.
- [REMOTE_CODE_EXECUTION]: Bash tool usage is limited to 'curl' for API interactions with PostHog. There are no patterns involving the download or execution of scripts from untrusted remote sources.
Audit Metadata