integration-python

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run arbitrary scripts (e.g., linters, builders) found in the project's package.json file. While intended for cleanup and validation, this provides a mechanism for executing locally defined shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the posthog and python-dotenv packages from public repositories, which is standard for its integration purpose.
  • [PROMPT_INJECTION]: The skill reads up to 15 existing project files to identify tracking opportunities. This creates a surface for indirect prompt injection where malicious code comments or data in those files could influence agent behavior.
      • Ingestion points: Reads package.json and 10-15 project source files as identified in basic-integration-1.0-begin.md.
      • Boundary markers: None provided; the agent is instructed to "Read the files" without specific isolation.
      • Capability inventory: File modification (editing source code), shell command execution (pip, package scripts), and PostHog MCP tool usage.
      • Sanitization: No sanitization or validation of the ingested file content is mentioned.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 07:14 AM