signals-scout-surveys

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted user input from open-text survey responses to identify recurring themes and sentiments.
    • Ingestion points: User-generated survey responses are retrieved from the PostHog events table via the execute-sql tool, as described in SKILL.md and references/response-querying.md.
    • Boundary markers: The skill does not use explicit delimiters to isolate untrusted response data, but it instructs the agent to synthesize themes and findings into concrete claims rather than providing verbatim quotes of the raw data.
    • Capability inventory: The skill possesses read-only access to analytics via execute-sql and surveys-global-stats, and it can generate user notifications using the signals-scout-emit-signal tool.
    • Sanitization: Detailed instructions are provided to filter out internal organization users and test responses (e.g., 'TEST', 'qwe'), and the skill strictly prohibits the emission of verbatim personal data (PII).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 12:36 PM