instrument-llm-analytics
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Instructions in SKILL.md and various reference files (e.g., references/anthropic.md, references/openai.md) direct the agent to execute shell commands for package management tasks such as `pip install` and `npm install`.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of numerous third-party and vendor-specific packages from official registries (npm and PyPI). These include PostHog's own SDKs (`posthog`, `@posthog/ai`) and industry-standard libraries like `opentelemetry-sdk`.
- [DATA_EXFILTRATION]: By design, this skill configures the environment to send LLM-related metadata—including prompt inputs, model responses, token usage, and costs—to PostHog's ingestion endpoints (`https://us.i.posthog.com` or `https://eu.i.posthog.com`). This behavior is the stated primary function of the skill.
- [CREDENTIALS_UNSAFE]: The skill manages PostHog API tokens by retrieving them via a specific project tool or user prompt and writing them to local `.env` files. This aligns with standard development practices for environment configuration.
Audit Metadata