signals
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or unauthorized behaviors were detected. The skill is consistent with its stated purpose of documenting analytics queries for the PostHog platform.
- [DATA_EXFILTRATION]: The skill describes how to query the
document_embeddingstable to fetch product observations using theposthog:execute-sqltool. This access is inherent to the skill's purpose and is constrained by the platform's team-level permissions. - [PROMPT_INJECTION]: The processing of natural-language signal descriptions presents a surface for indirect prompt injection.
- Ingestion points: Signal descriptions are retrieved from the
contentcolumn of thedocument_embeddingstable via theposthog:execute-sqltool. - Boundary markers: The provided SQL templates do not define explicit delimiters to separate untrusted signal data from agent instructions.
- Capability inventory: The skill utilizes the
posthog:execute-sqlcapability for data retrieval. - Sanitization: No sanitization or validation logic is specified for the data ingested from the database.
Audit Metadata