feature-flags-android

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to connect to a PostHog MCP/server and fetch/evaluate feature flags and their payloads from the PostHog API (e.g., examples calling https://us.i.posthog.com/flags and SDK methods to getFeatureFlag/getFeatureFlagPayload in SKILL.md and references), which are third-party/user-provided values the agent would read and act on to change behavior.