omnibus-instrument-error-tracking
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use standard package managers (npm, pip, go get, bundle, etc.) to install official PostHog libraries. This is the intended behavior for application instrumentation.
- [EXTERNAL_DOWNLOADS]: The skill references and installs official PostHog packages from trusted registries such as NPM, PyPI, Maven, and RubyGems. All external resources identified trace back to the official infrastructure of the vendor 'posthog'.
- [CREDENTIALS_UNSAFE]: The instructions explicitly emphasize the use of environment variables for PostHog project tokens and API keys, specifically advising against hardcoding them. It also suggests using an environment variable MCP server for secure management.
- [DATA_EXFILTRATION]: No patterns of unauthorized data exfiltration were found. The skill's network activity is limited to the initialization and telemetry transmission intended for the PostHog platform.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any unverified remote code execution. It uses official build tools and SDKs to provide error tracking capabilities.
Audit Metadata