exploring-llm-clusters
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill facilitates legitimate analytics tasks on LLM traffic clusters using PostHog-specific tools and well-defined workflows.
- [COMMAND_EXECUTION]: The skill utilizes a local script 'scripts/print_clusters.py' to summarize large JSON results from clustering runs. This script uses standard library functions for JSON parsing and does not exhibit dangerous behaviors.
- [DATA_EXFILTRATION]: The skill queries PostHog event data including trace identifiers, token usage, and costs. This data access is essential for LLM analytics and remains within the authorized environment.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes AI-generated cluster summaries from external data. Evidence chain:
  1. Ingestion points: 'posthog:execute-sql' retrieves '$ai_clusters', which contain AI-generated titles and descriptions.
  2. Boundary markers: absent.
  3. Capability inventory: SQL execution, trace inspection, and local script execution.
  4. Sanitization: absent; the results are processed and displayed to the agent directly.
Audit Metadata