Skills
skills/posthog/skills/logs-nodejs/Gen Agent Trust Hub

logs-nodejs

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install standard, well-known OpenTelemetry packages from the public npm registry for observability purposes.
  • Evidence: references/nodejs.md recommends installing @opentelemetry/sdk-node, @opentelemetry/exporter-logs-otlp-http, @opentelemetry/api-logs, and @opentelemetry/resources.
  • [DATA_EXFILTRATION]: The skill configures applications to send log data to the PostHog ingestion endpoint. While this involves data leaving the application environment, it is the primary intended function of the skill and targets the vendor's official infrastructure.
  • Evidence: references/nodejs.md and references/start-here.md direct logs to https://us.i.posthog.com/i/v1/logs.
  • [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection. Malicious instructions could be embedded in log data (e.g., via user-controlled request headers or bodies) and subsequently executed or acted upon by an AI agent using the PostHog MCP tools to query and analyze logs.
  • Ingestion points: Untrusted data from application inputs (requests, errors, etc.) is ingested into PostHog logs, as described in references/best-practices.md and references/nodejs.md.
  • Boundary markers: The documentation recommends using structured JSON logging, which provides some field separation, but does not explicitly instruct the use of delimiters to ignore embedded instructions within log messages.
  • Capability inventory: The skill describes the PostHog MCP server (references/debug-logs-mcp.md) which provides tools (logs-query, logs-list-attributes) for AI agents to retrieve and process these logs.
  • Sanitization: The documentation warns against logging PII and secrets, but does not specify sanitization techniques for preventing prompt injection from log content.
  • [CREDENTIALS_UNSAFE]: The documentation suggests an alternative configuration where the project token is passed as a URL query parameter, which can lead to credential leakage in server logs or proxy history. However, the use of headers is also documented and preferred.
  • Evidence: references/nodejs.md provides an example using url: 'https://us.i.posthog.com/i/v1/logs?token=<ph_project_token>'.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 07:14 AM