instrument-feature-flags
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of official PostHog SDKs across multiple platforms (npm, PyPI, Maven, NuGet, Crates.io, RubyGems). It also references official documentation and API endpoints hosted on PostHog's infrastructure (e.g., us.i.posthog.com, eu.i.posthog.com). These resources are well-known vendor assets.
- [CREDENTIALS_UNSAFE]: The skill includes instructions to store PostHog API tokens in environment variable files (e.g., .env, .env.local) instead of hardcoding them. It uses an MCP server tool ('projects-get') to retrieve these tokens securely when available.
- [COMMAND_EXECUTION]: The skill guides the user to run standard package management commands (e.g., 'npm install', 'pip install', 'go get') and CLI operations (e.g., 'dotnet user-secrets') as part of the normal development workflow.
- [PROMPT_INJECTION]: Indirect Prompt Injection: This category identifies a potential vulnerability surface where malicious instructions could be embedded in the data processed by the skill.
  - Ingestion points: The agent reads and analyzes the user's local codebase, including dependency files (package.json, requirements.txt, etc.) and lockfiles.
  - Boundary markers: Absent. The instructions do not specify the use of delimiters when reading or processing the codebase content.
  - Capability inventory: The skill possesses the capability to read files, write to files, and invoke MCP tools for project configuration.
  - Sanitization: Absent. There is no explicit instruction to sanitize or validate the content of the files read from the user's codebase before processing.