go-feature-flag
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends downloading the official `goff` CLI tool from `github.com/thomaspoignant/go-feature-flag` and the `gofeatureflag/go-feature-flag` Docker image. These are standard external resources required for the functionality described.
- [COMMAND_EXECUTION]: The skill provides instructions for executing setup and testing commands such as `go install`, `docker run`, and `curl`. These are legitimate administrative actions for managing a feature flag service.
- [REMOTE_CODE_EXECUTION]: The installation of the CLI tool via `go install` from a remote repository involves the execution of externally sourced code. This is a common pattern for installing developer tools.
- [PROMPT_INJECTION]: The skill processes external data via `flags.goff.yaml` and evaluation contexts. Ingestion points: Configuration files and JSON payloads. Boundary markers: Not present. Capability inventory: Includes powerful tools like `Bash` and `Write`. Sanitization: Not specified, presenting a potential surface for indirect prompt injection if malicious data is provided in flag configurations.
Audit Metadata