feature-flags-web
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill exclusively references official PostHog documentation, SDKs, and API endpoints, which are recognized as legitimate vendor resources.\n- [EXTERNAL_DOWNLOADS]: The skill provides an installation snippet that downloads the PostHog JavaScript library (array.js) from vendor-controlled asset domains (e.g., *-assets.i.posthog.com). This is standard functionality for analytics and feature flag providers.\n- [DATA_EXFILTRATION]: The skill documents the transmission of application events and feature flag usage data to PostHog's data ingestion endpoints (us.i.posthog.com, eu.i.posthog.com). This behavior is required for the service's primary function of providing analytics and flag evaluation.\n- [CREDENTIALS_UNSAFE]: No hardcoded credentials or API keys were found. All code examples use descriptive placeholders like <ph_project_token> or explicitly instruct the user to utilize environment variables for secret management.
Audit Metadata