managing-subscriptions
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data (such as insight and dashboard titles) that may be controlled by potentially malicious actors.
- Ingestion points: The skill fetches data from
insight-get,dashboard-get, andsubscriptions-listas described inSKILL.md. - Boundary markers: There are no explicit instructions or delimiters provided to the agent to distinguish between trusted instructions and potentially untrusted data found in insight/dashboard names.
- Capability inventory: The skill has the ability to perform operations using
subscriptions-create,subscriptions-partial-update, andintegrations-list(SKILL.md). - Sanitization: The instructions do not specify any sanitization, filtering, or validation for the content retrieved from PostHog resources before the agent uses it in its logic.
Audit Metadata