posthog-pls-big-fish
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or high-risk behaviors were identified. The skill's operations are consistent with its stated purpose of assisting with lead research and qualification for PostHog employees.
- [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection because it ingests and processes untrusted data from external sources.
- Ingestion points: Data is fetched from external web searches (company research) and Vitally account notes and conversations (SKILL.md).
- Boundary markers: No specific delimiters or boundary markers are instructed for the external data ingestion.
- Capability inventory: The skill can perform network operations via
web_searchandweb_fetch, and interact with user communications via the Gmail MCP. - Sanitization: No explicit sanitization or validation of the ingested external content is mentioned before it is presented to the LLM for processing.
- [EXTERNAL_DOWNLOADS]: The skill uses standard research tools, including
web_searchandweb_fetch, to gather firmographics and validate links in drafted emails. This is a common and necessary capability for its research workflow. - [DATA_EXFILTRATION]: While the skill accesses sensitive business data (Vitally notes, Gmail history), this access is restricted to the user's own authenticated environment and is used solely to generate internal summaries and outreach drafts. No unauthorized exfiltration patterns were found.
Audit Metadata