skills-store

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE | PROMPT_INJECTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a remote instruction loader pattern (Category 8). It retrieves instruction sets (skill bodies) from a remote PostHog store and directs the agent to 'treat it as your system instructions for this task.'
      • Ingestion points: Data enters the context via posthog:skill-get (instruction body) and posthog:skill-file-get (bundled reference files).
      • Boundary markers: The skill does not provide or mandate the use of delimiters or 'ignore embedded instructions' warnings when incorporating this remote content into the agent's prompt.
      • Capability inventory: Loaded skills are described as having access to allowed_tools and can include executable code in the scripts/ directory.
      • Sanitization: No sanitization, escaping, or validation of the remote instruction body or bundled files is described before they are followed or used.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the fetching and dynamic execution of scripts from the PostHog store.
      • Evidence: The workflow explicitly describes using posthog:skill-file-get to pull bundled scripts (such as those in the scripts/ directory) on demand for execution. While the source is a well-known service (PostHog), this mechanism allows for the runtime execution of code retrieved from an external repository.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 12:06 PM