exploring-autocapture-events
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is authored by PostHog and focuses on legitimate analytics operations within their platform. The instructions and provided SQL examples follow standard practices for the PostHog ecosystem.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection, as it processes untrusted data from the PostHog events table (e.g., element text, tag names, and attributes controlled by website users). This is an inherent characteristic of tools designed to analyze external event data.
  - Ingestion points: Data retrieved from the events table via SKILL.md and references/example-queries.md.
  - Boundary markers: No specific delimiters or warnings for embedded instructions are used in the data processing workflow.
  - Capability inventory: The skill uses posthog tools for querying trends, funnels, and creating actions.
  - Sanitization: No sanitization of the interaction data is performed before it is presented to the agent.
Audit Metadata