run-posthog
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an installation script for the `flox` environment manager located at `https://downloads.flox.dev/by-env/stable/install.sh`.
- [REMOTE_CODE_EXECUTION]: Prerequisite environment configuration involves executing a remote script via `curl | sudo bash` to install the `flox` toolchain.
- [COMMAND_EXECUTION]: The skill utilizes local CLI tools such as `hogli`, `docker`, and `phrocs` to manage application lifecycle, monitor database services (PostgreSQL, ClickHouse, Kafka, Redis), and inspect process logs.
- [DATA_EXFILTRATION]: Network operations are restricted to `localhost:8010` for application health monitoring and automated test workspace configuration. No evidence of sensitive data transmission to external domains was found.
- [PROMPT_INJECTION]: No direct attempts to override safety filters or bypass constraints were identified. However, the following indirect prompt injection surface was detected:
  - Ingestion points: Browser-based MCP servers (Playwright or Chrome DevTools) read UI content and DOM structure from `http://localhost:8010` during the verification phase.
  - Boundary markers: The instructions lack explicit delimiters or warnings to prevent the agent from treating data retrieved from the web interface as authoritative instructions.
  - Capability inventory: The agent has permissions to execute shell commands via `hogli`, manage system processes through `phrocs`, and interact with the local file system.
  - Sanitization: There is no evidence of content sanitization or filtering applied to the UI data before it is processed by the agent.
Audit Metadata