experiment-audit
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a robust security model using a settings.local.json configuration to enforce granular permissions. This template explicitly categorizes tools into 'allow' (read-only) and 'ask' (mutative) lists, ensuring user oversight for any action that could change data.
- [COMMAND_EXECUTION]: The package includes a helper script (impersonate-audit.sh) designed to orchestrate the audit environment. The script performs benign local operations such as directory management, file copying for settings, and invoking the agent CLI to enable/disable the PostHog plugin.
- [EXTERNAL_DOWNLOADS]: The documentation references official PostHog resources and installation commands (e.g., posthog@claude-plugins-official). These are legitimate assets provided by the skill's vendor for its intended functionality.
- [PROMPT_INJECTION]: No malicious prompt injection or behavior override patterns were detected. The audit instructions in SKILL.md prioritize safety by requiring the agent to verify its project scope before performing any operations.
Audit Metadata