instrument-llm-analytics
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill aligns with its stated purpose of providing LLM observability. It references official PostHog and AI provider SDKs and infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of legitimate, widely-used observability and AI libraries (such as OpenTelemetry and provider-specific SDKs) from official package registries (PyPI, npm). Documentation links and examples point to PostHog's official GitHub repositories.
- [COMMAND_EXECUTION]: Shell commands are used for standard development tasks, including package installation and environment variable management. The instruction to run installations as background tasks is an optimization for the agent's workflow and does not represent a security threat.
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to avoid hardcoding secrets, recommending the use of environment variables and providing a secure method to retrieve API tokens via an MCP server.
Audit Metadata