signals-scout-logs
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by PostHog and uses only PostHog-specific monitoring and state-management tools (e.g., signals-scout-scratchpad, query-logs).
- [DATA_EXFILTRATION]: No evidence of data exfiltration was found. All data processing occurs within the PostHog MCP tool ecosystem, and no external network calls (curl, wget) are present.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials, API keys, or sensitive local file paths (e.g., .ssh, .env) were detected.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes untrusted log data from external sources. However, this risk is inherent to its primary purpose as a log analyzer, and the instructions emphasize using confidence thresholds and manual verification before emitting findings.
- [COMMAND_EXECUTION]: No arbitrary command execution or shell spawning was detected. The skill uses a predefined set of read-only and state-management MCP tools.
Audit Metadata