instrument-error-tracking
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to install platform-specific PostHog SDKs using standard package managers like npm, pip, and bundle. It also runs project scripts for linting and verification to ensure the instrumentation is correctly integrated.
- [EXTERNAL_DOWNLOADS]: Fetches official PostHog libraries from public package registries and loads the JavaScript tracker from the vendor's asset delivery network (e.g., us-assets.i.posthog.com).
- [DATA_EXFILTRATION]: Configures the project to send exception reports and telemetry data to PostHog's ingestion endpoint (us.i.posthog.com), which is the documented and intended purpose of the instrumentation and corresponds to the vendor's own infrastructure.
- [SAFE]: Employs secure secret management practices by instructing the agent to use environment variables and the env-file-tools MCP server for sensitive API tokens instead of hardcoding them in the source code.
Audit Metadata