skills-store

SUSPICIOUS. The skill’s capabilities match its purpose and its network/data flow stays within PostHog, so it is not malware-like. The main risk is architectural: it instructs the agent to load remote shared skill bodies/files and treat them as instructions, creating meaningful indirect prompt-injection and transitive-trust risk.