analyzing-experiment-session-replays
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from session recordings, such as console logs and URLs, which are sourced from external user activity. This introduces a surface for indirect prompt injection.\n
- Ingestion points: Session recording metadata and activity logs (e.g., console errors, URLs) retrieved via the filter_session_recordings tool in SKILL.md.\n
- Boundary markers: Absent; the instructions do not specify delimiters for external content.\n
- Capability inventory: Data retrieval and analysis tools including execute_sql, filter_session_recordings, and experiment_results_summary across the workflow.\n
- Sanitization: Absent; the skill does not explicitly sanitize or validate session content before including it in the final analysis presented to the user.\n- [COMMAND_EXECUTION]: The skill provides instructions to construct and execute HogQL queries against internal system tables (system.experiments, system.feature_flags) using dynamically provided IDs and keys. This is the intended mechanism for retrieving experiment configuration within the PostHog environment.
Audit Metadata