posthog
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
@membranehq/clipackage from the npm registry. This is the official command-line tool for the service described in the skill. - [COMMAND_EXECUTION]: Uses the
membraneCLI to perform operations such as logging in, connecting to PostHog, and running actions. These commands are standard for interacting with the Membrane platform. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill explicitly directs the user to use the platform's authentication flow, which handles tokens server-side rather than storing them in the local environment.
- [SAFE]: The skill incorporates an indirect prompt injection surface as it processes data from PostHog (e.g., events, persons). However, it uses a mediated platform (Membrane) that provides a layer of abstraction and control over how data is processed and interpreted.
Audit Metadata