posthog-instrumentation
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure] (SAFE): The skill correctly uses placeholders for sensitive information like API keys (e.g., '<ph_project_api_key>'), preventing credential exposure.
- [External Downloads] (SAFE): References to standard libraries like 'posthog' and 'posthog-js/react' are legitimate and consistent with the skill's stated purpose.
- [Indirect Prompt Injection] (SAFE): While the skill's workflow involves processing user codebase requests, it functions as a template provider and does not contain executable scripts or the ability to perform high-privilege operations like file writing or network requests.
Audit Metadata