Skills
skills/andrelandgraf/fullstackrecipes/feature-flags-setup/Gen Agent Trust Hub

feature-flags-setup

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADS
Full Analysis
  • External Downloads (MEDIUM): The skill instructs the agent to fetch content from https://fullstackrecipes.com/api/recipes/feature-flags-setup using curl. This domain is not a recognized trusted source, and the content being fetched consists of 'recipes' (instructions/code) that the agent is expected to follow.
  • Indirect Prompt Injection (MEDIUM): The skill has a significant attack surface because it ingests untrusted external data that influences agent behavior.
  • Ingestion points: Remote API call to fullstackrecipes.com in SKILL.md.
  • Boundary markers: None; the fetched content is likely interpolated directly into the agent's context.
  • Capability inventory: While no direct eval or subprocess calls are in the skill itself, the agent's goal is 'implementation', which typically involves file writes and command execution.
  • Sanitization: None detected.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 15, 2026, 10:43 PM