error-tracking-go
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the official PostHog Go SDK via
go get github.com/posthog/posthog-go, which is a legitimate vendor resource. - [CREDENTIALS_UNSAFE]: Properly uses placeholders like
<ph_project_token>in code snippets and explicitly mandates the use of environment variables for secrets in the 'Key principles' section. - [COMMAND_EXECUTION]: Provides standard terminal commands for package installation (
go get) and test exception triggers, all related to the primary integration purpose. - [PROMPT_INJECTION]: The skill describes the processing of exception data (messages, types, and stack traces). While this represents an attack surface for indirect prompt injection from application errors, it is the primary function of error tracking and involves standard data ingestion through the vendor's SDK.
- [DATA_EXFILTRATION]: Documents the transmission of error events to official PostHog endpoints (
us.i.posthog.com), which is the intended behavior for the service.
Audit Metadata