configure-feature-flags
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted local data (Indirect Prompt Injection surface).
- Ingestion points: The skill reads
package.json,pyproject.toml,go.mod,Cargo.toml, and.project-standards.yamlto detect project settings. - Boundary markers: There are no explicit instructions or delimiters used to prevent the agent from following instructions that might be embedded in these files (e.g., in a package description or script name).
- Capability inventory: The skill has access to
Bash,Write,Edit, andWebFetchtools, which could be exploited if malicious instructions in project files were followed. - Sanitization: The skill uses standard tools like
jqandgrepto extract data but does not explicitly sanitize the content before the agent processes it. - [EXTERNAL_DOWNLOADS]: The skill downloads several software development kits (SDKs) and providers.
- Trusted Sources: All downloads originate from well-known and trusted registries: NPM (
@openfeature/*), PyPI (openfeature-sdk), and GitHub (github.com/open-feature/*,github.com/thomaspoignant/*). Per security guidelines, these are documented neutrally and do not escalate the verdict. - [COMMAND_EXECUTION]: The skill uses
Bashto perform local setup tasks such as installing packages, linting configuration files, and checking service health onlocalhost. These operations are consistent with the skill's primary purpose.
Audit Metadata