Skills
skills/posthog/skills/querying-posthog-data/Gen Agent Trust Hub

querying-posthog-data

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process untrusted data from PostHog analytics (e.g., event properties, exception messages, and LLM trace content) via SQL queries.
  • Ingestion points: Results from the posthog:execute-sql tool targeting various captured data tables such as events and ai_events.
  • Boundary markers: The skill does not specify markers for query output but mitigates risks by instructing the agent in references/example-llm-trace.md to dump sensitive LLM data to files rather than outputting it directly into the conversation.
  • Capability inventory: SQL execution via posthog:execute-sql and shell processing via bash commands.
  • Sanitization: No explicit sanitization of external data content is defined before processing.
  • [COMMAND_EXECUTION]: The guidelines suggest using bash commands like grep to explore and process data saved to local files, which is a standard procedure for this agent's environment.
  • [NO_CODE]: The skill consists entirely of documentation and reference files in Markdown format; no executable scripts (e.g., Python, JavaScript) or binaries are included.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 11:54 PM