integration-sveltekit
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The integration workflow instructs the agent to execute linter or formatting scripts defined in the project's
package.jsonfile. This is a standard development practice intended to maintain code quality after automated edits, restricted specifically to files modified by the skill. - [EXTERNAL_DOWNLOADS]: Documentation within the skill references the PostHog integration wizard accessible via
npx @posthog/wizard@latest. This is an official vendor tool provided for project bootstrapping. - [COMMAND_EXECUTION]: The skill requires the use of Svelte MCP server tools, specifically
svelte-autofixer, to validate and correct Svelte components. These are legitimate development tools used within the agent's environment. - [SAFE]: The reverse proxy implementation provided in the example code (
hooks.server.ts) correctly restricts target hostnames to official PostHog domains (us.i.posthog.comandus-assets.i.posthog.com), preventing open proxy vulnerabilities.
Audit Metadata