managing-path-cleaning-rules
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate instructions for configuring project-level settings in the PostHog environment. It follows best practice by instructing the agent to read existing configurations before applying updates to prevent accidental data loss.
- [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection because it processes untrusted data (URL pathnames) from the project's events database. This is an inherent risk of the task, as the agent must analyze real paths to suggest normalization rules.
- Ingestion points: SQL query results from the
eventstable (SKILL.md). - Boundary markers: Absent.
- Capability inventory:
execute-sql(read) andproject-settings-update(write) tools. - Sanitization: Absent; pathnames are analyzed for pattern identification without explicit escaping.
- [COMMAND_EXECUTION]: The skill utilizes vendor-specific MCP tools (
execute-sqlandproject-settings-update) for administrative tasks. The usage is restricted to inspecting event metadata and updating the path cleaning configuration, which is consistent with the skill's stated purpose.
Audit Metadata