querying-posthog-data

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow explicitly queries captured user/AI trace data (e.g., properties like $ai_input, $ai_input_state/$ai_output_state in references/example-llm-trace.md and events/document_embeddings in SKILL.md), which are user-generated/untrusted payloads stored in PostHog and can contain system prompts or instructions that could influence subsequent tool use.