posthog
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill utilizes `codex exec --full-auto` to generate and apply code fixes based on an automated audit. This involves dynamic code generation and execution, which could be manipulated if the remediation instructions are influenced by malicious data found in the audited project.
- DATA_EXFILTRATION (LOW): The troubleshooting guide in `references/troubleshooting.md` suggests using `webhook.site` as a temporary `api_host`. This practice sends application event data to an external, unverified third-party domain.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted local source code and uses the results to drive the automated remediation logic.
  - Ingestion points: `scripts/detect-environment.sh` reads local files; `mcp__posthog__logs-query` processes log data.
  - Boundary markers: None identified in the prompt interpolation logic.
  - Capability inventory: `codex exec` (arbitrary code execution), `vercel env add` (production environment modification).
  - Sanitization: No explicit sanitization or validation of the findings before they are passed to the remediation tool.
- EXTERNAL_DOWNLOADS (LOW): The skill invokes `npx convex`, which can lead to the download and execution of packages from the npm registry at runtime.
- DATA_EXFILTRATION (LOW): The `scripts/detect-environment.sh` script accesses `.env.local` and queries production environment variables via the Vercel CLI to verify project configuration, exposing sensitive configuration metadata to the agent context.
Audit Metadata