exploring-llm-clusters

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses official PostHog tools (posthog:execute-sql, posthog:query-llm-trace) and links to verified vendor domains (app.posthog.com) to perform its primary function of LLM traffic analysis.
  • [SAFE]: The included Python script scripts/print_clusters.py is a local utility for parsing and summarizing clustering results. It utilizes standard library modules (json, sys) and does not perform network operations or access sensitive system files.
  • [PROMPT_INJECTION]: The skill processes LLM traces and AI-generated cluster descriptions, which represent an indirect prompt injection surface. This is a functional requirement for an analytics skill; given the read-only nature of the tools and the intended use case, this is considered a safe surface.
      ◦ Ingestion points: PostHog event properties and trace details retrieved via SQL and trace tools (SKILL.md).
      ◦ Boundary markers: None present to delimit untrusted content.
      ◦ Capability inventory: posthog:execute-sql (read-only), posthog:query-llm-trace (SKILL.md).
      ◦ Sanitization: None documented for the analyzed traces.
  • [COMMAND_EXECUTION]: The skill utilizes SQL query templates with variable placeholders (e.g., <run_id>). While this presents a surface for SQL injection during agent interpolation, it is a standard pattern for database interaction in PostHog analytics and does not indicate malicious intent.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 12:06 PM