evidence-analysis
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill operates within the FeatBit ecosystem, using official tools and project-specific reference guides to perform its tasks. No malicious patterns or unauthorized behaviors were identified.
- [EXTERNAL_DOWNLOADS]: References official FeatBit documentation for experiment interpretation and Bayesian analysis. These links are consistent with the skill's functional purpose and vendor identity.
- [COMMAND_EXECUTION]: Orchestrates actions through authorized tools like project-sync and featbit-cli to update project state and manage feature flag configurations. These operations are restricted to the context of the release management workflow.
- [PROMPT_INJECTION]: Processes experimental analysis results to inform release decisions. While this ingestion represents a theoretical attack surface for indirect prompt injection, the skill implements structured logic and strictly defined decision categories to interpret the data safely.
- Ingestion points: Experiment records and analysis results retrieved from the project database via project-sync.
- Boundary markers: Absent; data is processed directly as instruction context.
- Capability inventory: Ability to modify project stages and feature flag status via associated tools.
- Sanitization: Not explicitly implemented; the skill relies on mapping quantitative data to a fixed set of four operational categories (CONTINUE, PAUSE, ROLLBACK CANDIDATE, INCONCLUSIVE).
Audit Metadata