Skills
skills/posthog/ai-plugin/querying-posthog-data/Gen Agent Trust Hub

querying-posthog-data

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions create a surface for indirect prompt injection by directing the agent to ingest and process data from PostHog entities like events and person properties, which are externally controlled. The agent is further instructed to use powerful tools like SQL and shell commands to explore this data.
  • Ingestion points: Data is ingested through tools like posthog:execute-sql and various read-data-schema functions in SKILL.md and references/guidelines.md.
  • Boundary markers: The guidelines recommend dumping large outputs to files for exploration, which provides a technical boundary but does not isolate instructions within the data.
  • Capability inventory: The agent can execute complex HogQL/SQL via posthog:execute-sql and is prompted to use bash commands for data analysis in references/guidelines.md.
  • Sanitization: No explicit sanitization or instructions to ignore embedded directives are provided.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 04:27 PM