posthog-instrumentation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt shows and encourages embedding a project API key directly in code (posthog = Posthog(api_key='<ph_project_api_key>')), which instructs the agent to place secret values verbatim into generated code/commands rather than using environment variables or secure auth flows, creating an exfiltration risk.