signals-scout-anomaly-detection
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a robust anomaly detection workflow using authorized PostHog tools. It performs read-only operations on project data and utilizes internal platform features for state management and reporting.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted metadata from the PostHog project environment (such as dashboard names, insight titles, and event properties) and incorporates this data into generated notebooks and signals. While this represents an attack surface for indirect injection, the risk is inherent to the reporting functionality and managed by platform-level controls.
- Ingestion points: Results from dashboard-get, insights-trending-retrieve, and execute-sql are used to populate reports.
- Boundary markers: The instructions do not specify the use of delimiters or sanitization logic when interpolating external metadata into prose.
- Capability inventory: The skill has the ability to write to the PostHog scratchpad, create notebooks, and emit signals to the project inbox.
- Sanitization: No explicit instructions for escaping or validating external project strings were identified.
Audit Metadata