posthog-incident-runbook
Facilitates rapid incident response for PostHog outages, including triage, mitigation, and postmortem procedures.
Install this skill
Security score
The posthog-incident-runbook skill was audited on May 12, 2026 and we found 27 security issues across 4 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 39 | ```bash |
Curl to non-GitHub URL
| 46 | curl -sf -o /dev/null -w "%{http_code}" https://us.i.posthog.com/healthz || echo "UNREACHABLE" |
Curl to non-GitHub URL
| 51 | curl -sf -o /dev/null -w "%{http_code}" -X POST 'https://us.i.posthog.com/capture/' \ |
Curl to non-GitHub URL
| 58 | curl -sf -o /dev/null -w "%{http_code}" -X POST 'https://us.i.posthog.com/decide/?v=3' \ |
Curl to non-GitHub URL
| 66 | curl -sf -o /dev/null -w "%{http_code}" "https://app.posthog.com/api/projects/" \ |
Curl to non-GitHub URL
| 73 | curl -sf -o /dev/null -w "%{http_code}" "https://your-app.com/api/health" || echo "UNREACHABLE" |
Curl to non-GitHub URL
| 104 | curl -s -o /dev/null -w "Capture: %{http_code}\n" -X POST 'https://us.i.posthog.com/capture/' \ |
Curl to non-GitHub URL
| 109 | curl -s -o /dev/null -w "Admin: %{http_code}\n" "https://app.posthog.com/api/projects/" \ |
Curl to non-GitHub URL
| 136 | curl -s -X POST 'https://us.i.posthog.com/capture/' \ |
Curl to non-GitHub URL
| 197 | curl -s https://us.i.posthog.com/healthz > "$INCIDENT_DIR/healthz.json" 2>&1 |
Webhook reference - potential data exfiltration
| 34 | | P3 | Minor impact | < 4 hours | Webhook delays, specific event type missing | |
Access to .env file
| 155 | const posthog = new PostHog(process.env.NEXT_PUBLIC_POSTHOG_KEY!, { |
Access to .env file
| 156 | personalApiKey: process.env.POSTHOG_PERSONAL_API_KEY, // Required for local eval |
External URL reference
| 46 | curl -sf -o /dev/null -w "%{http_code}" https://us.i.posthog.com/healthz || echo "UNREACHABLE" |
External URL reference
| 51 | curl -sf -o /dev/null -w "%{http_code}" -X POST 'https://us.i.posthog.com/capture/' \ |
External URL reference
| 58 | curl -sf -o /dev/null -w "%{http_code}" -X POST 'https://us.i.posthog.com/decide/?v=3' \ |
External URL reference
| 66 | curl -sf -o /dev/null -w "%{http_code}" "https://app.posthog.com/api/projects/" \ |
External URL reference
| 73 | curl -sf -o /dev/null -w "%{http_code}" "https://your-app.com/api/health" || echo "UNREACHABLE" |
External URL reference
| 104 | curl -s -o /dev/null -w "Capture: %{http_code}\n" -X POST 'https://us.i.posthog.com/capture/' \ |
External URL reference
| 109 | curl -s -o /dev/null -w "Admin: %{http_code}\n" "https://app.posthog.com/api/projects/" \ |
External URL reference
| 136 | curl -s -X POST 'https://us.i.posthog.com/capture/' \ |
External URL reference
| 142 | # WRONG: https://app.posthog.com (this is the UI) |
External URL reference
| 143 | # RIGHT: https://us.i.posthog.com (this is the ingest endpoint) |
External URL reference
| 197 | curl -s https://us.i.posthog.com/healthz > "$INCIDENT_DIR/healthz.json" 2>&1 |
External URL reference
| 224 | - [PostHog Status Page](https://status.posthog.com) |
External URL reference
| 225 | - [PostHog Support](https://posthog.com/docs/support) |
External URL reference
| 226 | - [PostHog API Overview](https://posthog.com/docs/api) |