investigating-replay
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes vendor-provided tools (e.g., posthog:session-recording-get, posthog:execute-sql) for their intended purposes within the PostHog ecosystem.
- [DATA_EXFILTRATION]: No unauthorized network requests or attempts to access sensitive credentials or local files were detected.
- [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it ingests untrusted data from session recording events (such as exception messages and page URLs). Evidence Chain: (1) Ingestion points: SKILL.md Steps 1, 2, and 3 retrieve metadata and event properties. (2) Boundary markers: No specific delimiters or instructions to ignore embedded commands are present. (3) Capability inventory: The skill utilizes posthog:execute-sql and posthog:persons-retrieve. (4) Sanitization: No content filtering or sanitization is specified. This surface is considered a standard risk given the skill's primary focus on data analysis.
Audit Metadata