feature-flags-nodejs
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a legitimate technical guide for integrating PostHog's feature flag service into applications. The instructions and code snippets provided align with standard development practices.
- [EXTERNAL_DOWNLOADS]: The skill references installation of official PostHog libraries (e.g., posthog-node, @posthog/react) from well-known package registries like npm, yarn, and pnpm. These are standard dependencies for the service.
- [DATA_EXFILTRATION]: Network communication documented in the skill (such as API calls to https://us.i.posthog.com) is directed to the official PostHog infrastructure for feature flag evaluation and event telemetry, which is consistent with the skill's stated purpose.
- [CREDENTIALS_UNSAFE]: The skill includes explicit security guidance to use environment variables for sensitive project tokens and uses generic placeholders (like <ph_project_token>) in all provided code examples to prevent secret leakage.
Audit Metadata