posthog-debugger
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses browser automation (Chrome DevTools or Playwright) to execute JavaScript code in the browser context of the target website. This is used to inspect the global 'posthog' object and retrieve configuration data.
- [DATA_EXFILTRATION]: The skill is specifically designed to read and report technical data from third-party websites, including PostHog project tokens, session IDs, and distinct IDs. This data is extracted and presented to the user as part of the debugging summary.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted data from external websites (scripts, console logs, and network traffic) which could contain instructions intended to influence the agent's analysis.
- Ingestion points: Page snapshots, accessibility trees, console messages, and network request details (SKILL.md).
- Boundary markers: Not present in the prompt interpolation logic.
- Capability inventory: Execution of arbitrary JavaScript on target pages and navigation to any user-provided URL (SKILL.md).
- Sanitization: No explicit sanitization or filtering of external script content or console logs is performed before summarizing findings.
Audit Metadata