instrument-llm-analytics

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill's primary function is to provide LLM observability and tracing using verified vendor SDKs (PostHog) and standard, industry-recognized telemetry libraries (OpenTelemetry).
  • [EXTERNAL_DOWNLOADS]: Fetches dependencies from official registries (npm, PyPI) and references code examples from PostHog's verified GitHub organization.
  • [COMMAND_EXECUTION]: Instructs the agent to use the project's native package manager to install required observability tools. Installations are performed as background tasks to maintain workflow continuity.
  • [CREDENTIALS_SAFE]: Implements secure secret management by utilizing environment variables for API keys and providing a specialized MCP tool (projects-get) to retrieve project tokens from the user's account safely.
  • [DATA_EXFILTRATION]: Transparency: The skill is explicitly designed to transmit LLM execution data (prompts, completions, model metadata) to PostHog's ingestion endpoints (us.i.posthog.com or eu.i.posthog.com) for analytics purposes, which is the core intended functionality.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:30 PM