feature-flags-elixir
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists of documentation and reference material for integrating PostHog feature flags. No malicious code, prompt injections, or obfuscation patterns were detected during analysis.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing official PostHog SDKs from legitimate package registries (e.g., Hex, NPM, PyPI). These references point to verified vendor resources intended for integration.
- [DATA_EXFILTRATION]: Code examples demonstrate transmitting telemetry and feature flag data to official PostHog infrastructure (e.g., us.i.posthog.com). These network operations are expected for the skill's purpose and target verified vendor domains.
- [CREDENTIALS_UNSAFE]: Best practice guidelines in the skill core instructions mandate the use of environment variables for API keys. Placeholders like '<ph_project_token>' are consistently used in examples to prevent accidental credential exposure.
Audit Metadata