instrument-product-analytics

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs legitimate development automation tasks. All instructions and reference code align with the intended purpose of instrumenting an application with PostHog analytics.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install PostHog SDKs from official registries (npm, PyPI, RubyGems, etc.) and references documentation from posthog.com. These are trusted or well-known sources.
  • [COMMAND_EXECUTION]: The skill executes standard package manager commands (e.g., npm install, pip install, bundle install) and interacts with the PostHog MCP server to configure the project environment.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because it automatically analyzes and modifies project files.
      • Ingestion points: The agent is instructed to read 10 to 15 files from the project codebase (SKILL.md, Step 5).
      • Boundary markers: Not explicitly defined for the ingestion of project code.
      • Capability inventory: The skill can execute shell commands for package installation (Step 3) and perform file system writes for configuration and instrumentation (Steps 6, 9).
      • Sanitization: Not mentioned, although the modifications are targeted and minimal by design.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 11:55 PM