creating-ai-subscription

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The prompt field in the posthog:subscriptions-create tool accepts free-text input from the user. This input is later processed by an LLM to generate HogQL queries and synthesize reports. This creates a surface for indirect prompt injection.
      • Ingestion points: The prompt argument in posthog:subscriptions-create (SKILL.md).
      • Boundary markers: Absent. The skill definition mentions no explicit delimiters and no instructions to ignore embedded commands, so the user-supplied prompt is processed without them.
      • Capability inventory: The skill uses posthog:subscriptions-create to schedule tasks where an LLM executes HogQL queries against project data and sends the results to external targets like email or Slack.
      • Sanitization: Absent. There is no mention of sanitization or validation of the prompt content before it is stored and processed by the LLM.
  • [DATA_EXFILTRATION]: The skill facilitates the recurring delivery of project data to external sinks (email and Slack). Because the target_value (email addresses or Slack channel IDs) is user-defined, it could be used to exfiltrate project data to unauthorized external accounts.
  • [COMMAND_EXECUTION]: The backend process triggered by this skill involves the dynamic generation and execution of HogQL queries based on the user-provided prompt. While this is the intended functionality for AI-generated reports, it represents a dynamic execution pattern where user input influences database queries.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 10:58 AM