feature-usage-feed

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill implements an LLM-judge pattern that processes untrusted user data from production traces. This creates a surface where malicious user input in a trace could attempt to influence the reasoning output sent to Slack.
      • Ingestion points: User-generated trace content retrieved via posthog:query-llm-trace in SKILL.md.
      • Boundary markers: The prompt template uses structural instructions to guide the model, but does not employ advanced escaping or delimiters for the trace content.
      • Capability inventory: The skill uses posthog:evaluation-create and Slack workflow dispatch.
      • Sanitization: No explicit sanitization of input trace data is mentioned before LLM processing.
  • [COMMAND_EXECUTION]: The skill utilizes posthog:execute-sql for standard data validation and volume analysis. The provided SQL queries are scoped to analytical tasks like counting events and inspecting event properties.
  • [DATA_EXFILTRATION]: The skill is designed to extract summarized insights from internal PostHog event data and send them to a configured Slack channel. This behavior is consistent with the vendor's intended use for monitoring feature adoption and is performed through standard project integrations.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 12:07 PM