The Agent Skills Directory

[Command Execution] (MEDIUM): The skill uses codex exec --full-auto to perform automated modifications to critical files such as next.config.js and app/layout.tsx. This represents a significant capability for an automated tool to alter the application's runtime configuration and logic based on natural language instructions.
[Credentials Unsafe] (MEDIUM): The skill interacts with sensitive configuration files by appending to .env.local and using vercel env add to modify production environment variables. Automated management of production secrets increases the risk of credential exposure or misconfiguration.
[Dynamic Execution] (MEDIUM): Code is generated and applied to the codebase at runtime via the 'Fix Playbook'. This workflow bypasses traditional static analysis and manual code review processes.
[Indirect Prompt Injection] (LOW): The skill ingests data from external reference files and the local filesystem to guide its fixes, creating an attack surface where malicious content in those files could influence the automated code generation. Evidence Chain: 1. Ingestion points: ~/.claude/skills/posthog/references/sdk-patterns.md and project source code. 2. Boundary markers: Absent in codex exec calls. 3. Capability inventory: Automated file writes and production environment updates. 4. Sanitization: None identified for the ingested content.

fix-posthog