feature-flags-nextjs
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides implementation guides for official PostHog SDKs across multiple platforms (JavaScript, Node.js, Python, PHP, Ruby, Go, React Native, Android, iOS, Flutter, Java, Rust, Elixir, and .NET). All packages and libraries are official vendor resources.
- [SAFE]: Instructions consistently emphasize the use of environment variables for project tokens (e.g.,
NEXT_PUBLIC_POSTHOG_TOKEN) and advise against hardcoding sensitive keys. - [SAFE]: Network operations are directed exclusively to official PostHog API endpoints (
us.i.posthog.comandeu.i.posthog.com). - [SAFE]: The skill references an official vendor initialization tool (
npx @posthog/wizard@latest) for automated setup, which is standard practice for the platform. - [SAFE]: Security best practices such as deploying a reverse proxy to prevent tracking blockages and using server-side evaluation to reduce client-side exposure are appropriately highlighted.
Audit Metadata