signals-scout-replay-vision

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill operates within the PostHog ecosystem using authenticated MCP tools for read-only data analysis and internal signal reporting. All database operations and tool invocations follow expected vendor-specific patterns.
  • [PROMPT_INJECTION]: The skill processes scanner outputs (verdicts, tags, summaries) which are derived from end-user session recordings. This represents a potential indirect prompt injection surface. The skill proactively mitigates this risk by including a dedicated 'Untrusted data' section with the following controls:
    • Ingestion points: Data enters the agent context via execute-sql queries on $recording_observed events and vision-scanners-observations-list tool calls in SKILL.md.
    • Boundary markers: The agent is explicitly instructed to treat all scanner-derived text strictly as data and never as instructions, even if the content resembles commands. It is directed to quote summaries only as short, truncated snippets.
    • Capability inventory: The agent possesses the ability to run SQL queries via execute-sql, write to an internal inbox via signals-scout-emit-signal, and manage internal state via signals-scout-scratchpad-remember.
    • Sanitization: The skill mandates the use of sanitized identifiers (slugified names/tags) and requires cross-session evidence (volume-based corroboration) so that findings are not based on single-session hallucinations or malicious data injections.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 16, 2026, 10:32 AM
Security Audit — agent-trust-hub — signals-scout-replay-vision