instrument-integration
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill instructions (Step 7) create an indirect prompt injection surface by directing the agent to run linter or formatting scripts from the user's project configuration.
- Ingestion points: Project configuration files such as
package.json(as described inSKILL.md). - Boundary markers: Absent; there are no instructions to verify the content of the scripts before execution.
- Capability inventory: Shell command execution via package managers (e.g.,
npm run lint). - Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The skill integrates official PostHog SDKs by downloading them from public package registries (NPM, PyPI, etc.) and referencing official vendor repositories on GitHub.
- [CREDENTIALS_UNSAFE]: A hardcoded PostHog project token (
phc_jE9kXU0depRekiuabVROlxxkIXn95NqsNO3qB4qNKtl) was identified in the configuration of an example project within the references (BurritoConsiderationClient.xcscheme). This is a vendor-provided demo credential for the included sample applications.
Audit Metadata