instrument-error-tracking
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs official PostHog SDKs via standard package registries (NPM, PyPI, RubyGems). These downloads are necessary for the skill's functionality and target a well-known service provider.
- [COMMAND_EXECUTION]: The skill executes shell commands for package installation and project initialization. These are standard development tasks and do not involve suspicious or unauthorized actions.
- [CREDENTIALS_UNSAFE]: The skill implements safe credential management by instructing the agent to use environment variables for project tokens, specifically leveraging the env-file-tools MCP server for secure storage.
- [DATA_EXFILTRATION]: While data is sent to PostHog's ingestion endpoints (e.g., us.i.posthog.com), this is the intended and documented behavior of an error tracking tool. No unauthorized data harvesting or exfiltration to third-party domains was found.
Audit Metadata