instrument-integration
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate integration instructions for PostHog, a well-known analytics service. All guided actions (installing packages, modifying configuration files) are consistent with the skill's stated purpose.
- [CREDENTIALS_UNSAFE]: Step 6 of the instructions explicitly mandates the use of environment variables for storing API keys and hosts, warning against hardcoding them. This aligns with industry-standard security practices for secret management.
- [COMMAND_EXECUTION]: The skill directs the agent to use standard system package managers (e.g., npm, pip, pnpm) to install verified libraries from official registries. No risky command patterns like 'curl | bash' or unauthorized privilege escalation attempts were detected.
- [DATA_EXFILTRATION]: There is no evidence of unauthorized data collection. Network communications are restricted to official PostHog API endpoints (e.g., i.posthog.com) for the purpose of application telemetry as requested by the user.
- [PROMPT_INJECTION]: The instructions are strictly task-oriented and do not attempt to override the AI agent's core safety protocols or system instructions.
Audit Metadata