feature-flag-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No evidence of instructions designed to bypass agent constraints, override system prompts, or redirect behavioral guidelines.
- [Data Exposure & Exfiltration] (SAFE): The skill follows best practices by using environment variables for client-side identifiers. No unauthorized access to sensitive file paths (~/.ssh, etc.) or suspicious network operations were identified.
- [External Downloads] (SAFE): The skill references the launchdarkly-react-client-sdk, which is a well-known, industry-standard package for feature management.
- [Indirect Prompt Injection] (SAFE): While the skill ingests configuration from local JSON files, this is a standard application pattern for feature toggling and does not expose a surface for manipulating the agent's internal logic.
- [Dynamic Execution] (SAFE): The implementation consists of static React components and hooks, with no usage of unsafe evaluation, dynamic script generation, or risky deserialization patterns.
Audit Metadata