omnibus-instrument-integration
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill focuses on legitimate software instrumentation tasks for the PostHog analytics platform.
- [EXTERNAL_DOWNLOADS]: All external resources, including SDK packages (such as posthog-js, posthog-node, and posthog-python) and documentation links, originate from official PostHog domains and repositories. These are well-known services and do not pose a security risk.
- [CREDENTIALS_UNSAFE]: The instructions (Step 6) explicitly command the use of environment variables for storing API keys and warn against hardcoding secrets, which is a standard security best practice.
- [COMMAND_EXECUTION]: Shell commands are used appropriately for package management (e.g., npm install, pip install) and project verification (running linters). These operations are restricted to the context of the primary task of instrumenting a codebase.
- [PROMPT_INJECTION]: No patterns of prompt injection or attempts to bypass agent safety protocols were detected in the instructions or reference files.
Audit Metadata