The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from PostHog events via SQL queries and instructs the agent to use shell commands (bash) to explore or process these results when they are saved to files. The absence of explicit boundary markers or sanitization guidelines for the ingested data could potentially allow malicious database entries to influence agent behavior.
Ingestion points: Results from the posthog:execute-sql tool, which can include arbitrary text from user-generated events, exceptions, and properties.
Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore embedded instructions in the queried data.
Capability inventory: The guidelines in references/guidelines.md and references/example-llm-trace.md explicitly recommend using shell commands (e.g., bash, grep) to process query results saved to the file system.
Sanitization: No sanitization or escaping mechanisms are prescribed for the external data before it is processed by the agent.

querying-posthog-data