Skills
skills/posthog/ai-plugin/signals-scout-inbox-validation/Gen Agent Trust Hub

signals-scout-inbox-validation

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill retrieves pull request merge timestamps from the official GitHub API. This is used as a proxy for deployment timing to ensure that validation probes occur after a sufficient 'soak window' has passed.
  • [COMMAND_EXECUTION]: The skill performs data analysis by executing SQL queries against the events and document_embeddings tables. This allows the agent to calculate pre-fix baselines and compare them against post-fix results to determine if a fix was successful.
  • [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection via report content and PR data, but mitigates this by instructing the agent to treat all fetched content strictly as data and never as instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 10:58 AM
Security Audit — agent-trust-hub — signals-scout-inbox-validation