integration-ruby-on-rails
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill uses official PostHog gems (`posthog-ruby` and `posthog-rails`) and provides instructions that prioritize the use of environment variables and Rails credentials for API keys.
- [EXTERNAL_DOWNLOADS]: The skill includes the `posthog-js` library via a script tag that fetches code from the official PostHog asset CDN.
  - Evidence: Found in the layout template in `references/EXAMPLE.md`.
- [CREDENTIALS_UNSAFE]: The example project contains a hardcoded dummy secret in a development-specific configuration file.
  - Evidence: `config.secret_key_base` in `config/environments/development.rb` is set to a placeholder string for demonstration purposes.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes untrusted project files to determine where to place tracking code.
  - Ingestion points: Application controllers and models are scanned to identify business-critical events as described in `references/basic-integration-1.0-begin.md`.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: The skill can create and edit files and utilize the PostHog MCP tool.
  - Sanitization: No explicit content sanitization or validation is mentioned.
Audit Metadata