signals
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a technical guide for an AI agent to query the
document_embeddingstable using PostHog's HogQL. The instructions are focused on legitimate data retrieval and analysis tasks. - [DATA_EXFILTRATION]: While the skill enables the retrieval of potentially sensitive data (content and embeddings), it does so through the authorized
posthog:execute-sqltool within the user's own environment. There are no instructions to transmit this data to external or unauthorized destinations. - [COMMAND_EXECUTION]: The skill documents the use of the
posthog:execute-sqlMCP tool. It emphasizes mandatory filters (model_name,product,document_type, andtimestamp) that ensure query performance and data relevance. It also notes that the HogQL engine automatically enforces team-level data isolation. - [INDIRECT_PROMPT_INJECTION]: The skill defines an attack surface by instructing the agent to ingest natural-language descriptions from a database. However, this is the core functionality of a data-querying skill.
- Ingestion points: Content is retrieved from the
document_embeddingstable via HogQL queries (SKILL.md). - Boundary markers: None explicitly defined in the SQL templates, though the documentation focuses on structured data extraction.
- Capability inventory: The skill utilizes the
posthog:execute-sqltool for database access. - Sanitization: No specific sanitization of retrieved database content is mentioned, which is standard for internal data-analysis tools.
Audit Metadata