posthog-debugger

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's inspection code and response format explicitly extract and display sensitive values (e.g., PostHog project token "phc_...", distinct and session IDs) and instruct the agent to include the full token in the summary, which requires outputting secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to navigate to arbitrary URLs and use browser MCPs (Chrome DevTools / Playwright) to take snapshots, run JavaScript, read console messages and network requests from live web pages (e.g., "Navigate to the URL with ?__posthog_debug=true" and the listed MCP tools), which clearly ingests untrusted third‑party website content that the agent reads and uses to drive decisions and next actions.