Skills
skills/posthog/skills/consuming-endpoints-from-client-code/Gen Agent Trust Hub

consuming-endpoints-from-client-code

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill promotes security best practices by explicitly instructing the agent and the user to never embed personal API keys in client-side code (mobile apps, browser JS). It correctly identifies this as a potential source of account exposure.
  • [EXTERNAL_DOWNLOADS]: The documentation references well-known and widely used industry tools for client generation, including @hey-api/openapi-ts, openapi-generator-cli, and oapi-codegen. These are recognized development tools and do not represent a security risk in this context.
  • [COMMAND_EXECUTION]: The skill describes the use of the posthog-cli for local testing and management. This is a vendor-provided tool intended for legitimate development workflows and configuration management.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 12:35 PM
Security Audit — agent-trust-hub — consuming-endpoints-from-client-code