add-analytics

Benign with moderate security considerations. The skill's footprint is coherent with its stated purpose of instrumenting web apps with PostHog, Sentry, and a health endpoint. Data flows to external analytics/error services are expected for observability, and keys/DSNs are required. The main caution is the Supabase service role key used in health checks; ensure it remains server-side, access-controlled, and scoped with least privilege. No unverifiable binaries or data exfiltration patterns are evident. Overall, capabilities are proportionate to the task, and the data flows align with typical observability tooling.