skills-store

Pass

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is designed to ingest instruction sets ('skills') from a remote database and explicitly directs the agent to 'Treat it as your system instructions for this task.' This creates a significant surface for indirect prompt injection, where malicious content stored in the PostHog database could override the agent's behavior.
      • Ingestion points: The body field fetched via the posthog:skill-get tool is incorporated into the agent's context.
      • Boundary markers: Absent. The skill provides no delimiters or warnings to treat the fetched content as untrusted.
      • Capability inventory: The skill manages the lifecycle of other skills, including listing, fetching, and downloading associated scripts.
      • Sanitization: Absent. The agent is encouraged to follow the instructions in the fetched body verbatim.
  • [EXTERNAL_DOWNLOADS]: The skill uses the posthog:skill-file-get tool to fetch bundled files, such as scripts and reference documents, from the vendor's (PostHog) remote service. While originating from the vendor, the content of these files is dynamic and managed externally.
  • [COMMAND_EXECUTION]: The skill encourages a workflow where the agent fetches and follows instructions that may involve executing scripts (e.g., Python files in a scripts/ directory). This creates a path from remote content to local execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 25, 2026, 11:21 PM