feature-flags-php

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and evaluates feature-flag data from PostHog cloud (e.g., the /flags API at https://us.i.posthog.com/flags and SDK calls like getFeatureFlag/getFeatureFlagPayload), which are third‑party, user‑configurable payloads the agent is instructed to read and act on, so external content can materially influence behavior.