posthog-analytics
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection via untrusted external data ingestion. \n
- Ingestion points: Untrusted data enters the agent context through
event-definitions-list,properties-list, and results fromquery-run(SKILL.md). \n - Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the instructions. \n
- Capability inventory: The skill possesses the capability to write to the local filesystem (
.claude/product-context.md) and perform state-changing actions likedashboard-createandexperiment-create(SKILL.md). \n - Sanitization: No sanitization, escaping, or schema validation is applied to the data strings retrieved from PostHog before they are processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata