posthog-analytics
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Command Execution] (MEDIUM): The skill relies on an external bash script (scripts/posthog_sync.sh) that is not included in the provided source files. Executing unverified shell scripts that handle sensitive credentials and external data poses a risk of command injection or unintended system modifications.
- [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted JSON configuration data to drive side-effect operations.
  1. Ingestion point: blog_dashboard.json.
  2. Boundary markers: Absent.
  3. Capability inventory: curl (network) and local file-writes for config updates.
  4. Sanitization: Cannot be verified, as the core logic script is missing.
- [Data Exfiltration] (LOW): The skill performs network operations using curl to communicate with PostHog API endpoints (us.i.posthog.com), which are outside the default trusted domain list. While required for functionality, these requests involve sensitive Personal API Keys.
- [External Downloads] (LOW): The skill documentation recommends installing system dependencies (jq) via standard package managers like brew or apt.
Audit Metadata