pp-posthog

Warn

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a binary from external sources. It provides instructions to use npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/.... While these resources are associated with the author's vendor name, they involve executing code from external package registries and repositories.
  • [DATA_EXFILTRATION]: The CLI tool includes an explicit --deliver webhook:<url> flag. This feature allows the output of any command (which may include sensitive PostHog event data, feature flag states, or LLM costs) to be POSTed to an arbitrary external URL. An attacker could potentially use indirect prompt injection to trick an agent into exfiltrating data via this mechanism.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  • Ingestion points: Data is ingested from the PostHog API via various query commands (e.g., events property-drift, flags blast-radius).
  • Boundary markers: The tool uses a JSON response envelope (meta and results keys) to separate metadata from data, which provides some structure but does not prevent instructions within the data from being processed by the agent.
  • Capability inventory: The skill has the ability to execute shell commands and perform network operations via the webhook delivery sink.
  • Sanitization: There is no evidence of sanitization or filtering of the content returned from the PostHog API before it is presented to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 23, 2026, 04:09 AM
Security Audit — agent-trust-hub — pp-posthog