investigate-metric

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md (Step 2.3) suggest that the agent should run git log to identify code changes in the repository that might correlate with observed metric anomalies.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted data from external sources (PostHog event properties and query results).
    • Ingestion points: Data enters the agent's context through tools like posthog:query-trends, posthog:insight-get, and posthog:execute-sql.
    • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat data from the PostHog API as untrusted or to ignore embedded instructions.
    • Capability inventory: The skill allows the agent to execute shell commands (git log), run SQL via posthog:execute-sql, and perform write operations like posthog:insight-create and posthog:annotation-create.
    • Sanitization: The scripts scripts/breakdown_attribution.py and scripts/compare_to_prior_periods.py perform direct JSON parsing and mathematical operations on inputs without any validation or sanitization of string content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 01:50 PM