loom-feature-flags
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and implementation templates for feature flag systems and does not contain any executable malicious payloads.
- [EXTERNAL_DOWNLOADS]: Demonstrates standard integration patterns with remote services like LaunchDarkly and includes logic for infrastructure health checks using
fetch. These operations are well-defined within the scope of feature flag management. - [COMMAND_EXECUTION]: Implements regex-based targeting rules using
new RegExp. While this pattern can be a surface for ReDoS if the configuration is sourced from untrusted users, it is presented here as a standard engineering pattern for admin-controlled configurations. - [CREDENTIALS_UNSAFE]: Correctly demonstrates the use of environment variables (
process.env.LAUNCHDARKLY_SDK_KEY) to manage sensitive API credentials, adhering to security best practices.
Audit Metadata