Skills
skills/posthog/ai-plugin/consuming-endpoints-from-client-code/Gen Agent Trust Hub

consuming-endpoints-from-client-code

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides documentation and instructions for integrating PostHog endpoints into external applications, following industry-standard practices.
  • [EXTERNAL_DOWNLOADS]: The instructions reference well-known and reputable third-party tools such as @hey-api/openapi-ts and openapi-generator-cli for generating client code from OpenAPI specifications. These references are standard for the described development workflow and do not involve unverified or suspicious sources.
  • [CREDENTIALS_UNSAFE]: The skill correctly identifies security risks associated with API keys. It explicitly warns against embedding personal API keys in client-side code (mobile/browser) and recommends using environment variables for server-side storage, which is a recognized security best practice.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 09:49 AM
Security Audit — agent-trust-hub — consuming-endpoints-from-client-code