posthog
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard curl and jq binaries to interact with the PostHog API and process JSON output. These are legitimate tools for the skill's stated purpose.
- [DATA_EXFILTRATION]: Network traffic is restricted to the official PostHog domain (us.posthog.com), a well-known analytics service. Authentication is securely handled via the POSTHOG_TOKEN secret, with no evidence of credential exposure or exfiltration to unauthorized domains.
- [PROMPT_INJECTION]: The skill ingests untrusted data from external API responses, which represents a surface for indirect prompt injection. 1. Ingestion points: Event properties, person details, and survey responses retrieved from us.posthog.com. 2. Boundary markers: The skill does not provide explicit markers to separate external data from agent instructions. 3. Capability inventory: Capabilities are limited to network requests (curl) and JSON processing (jq), with no access to sensitive system files or arbitrary code execution. 4. Sanitization: API data is structured via jq but lacks content-based sanitization for malicious instruction strings.
Audit Metadata