cleaning-up-stale-feature-flags

Pass

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill utilizes official PostHog tools to access and manage project resources, adhering to the vendor's intended functionality.
  • [SAFE]: All high-risk actions, such as disabling or deleting feature flags, are governed by strict instructions requiring explicit user confirmation before execution.
  • [SAFE]: The skill generates code cleanup instructions as text templates for the user to review and apply manually, preventing automated or unauthorized codebase modifications.
  • [DATA_EXPOSURE]: The skill reads feature flag metadata (keys, descriptions, and rollout status) to facilitate audits. This access is scoped to the primary purpose of the skill and occurs via authorized tool calls.
  • [PROMPT_INJECTION]: While the skill ingests external data (feature flag definitions) that could contain indirect prompt injections, the risk is mitigated by the 'human-in-the-loop' requirement for all subsequent actions and the descriptive nature of the data usage.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 23, 2026, 04:19 PM