exploring-autocapture-events
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate documentation and workflow guidance for using PostHog's autocapture feature. No evidence of obfuscation, remote code execution, or data exfiltration was detected.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) by processing untrusted data from user-controlled web elements.
- Ingestion points: Untrusted data enters the agent context via the
eventstable, specifically through theelements_chainandelements_chain_textscolumns (documented inSKILL.mdandexample-queries.md). - Boundary markers: Absent. The instructions do not specify any delimiters or warnings to the agent to ignore potentially malicious instructions embedded within the captured event data.
- Capability inventory: The skill utilizes data reading through HogQL queries and action management via the
posthog:action-createtool. - Sanitization: Absent. The skill handles captured data as raw strings for the purpose of regex matching and analysis.
Audit Metadata