flags-sdk
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- Automated CLI Workflow: The skill provides a structured 'Agent workflow' that directs the agent to execute Vercel CLI commands. This includes project linking, flag creation, and environment variable synchronization. These operations are essential for managing feature flags within the Vercel ecosystem and use standard developer tooling.
- External Package Management: The documentation references numerous Node.js packages for various flag provider adapters (e.g., @flags-sdk/vercel, @flags-sdk/statsig, @flags-sdk/posthog). These packages are pulled from the official npm registry and belong to recognized technology organizations.
- System Configuration and Secrets: The instructions involve fetching project-specific secrets and environment variables (such as FLAGS_SECRET) using the vercel env pull command. This is a standard practice for local development setup and relies on the user's existing authentication with the Vercel platform.
- Remote Skill Integration: The skill suggests adding the vercel-cli skill from a remote GitHub repository if it is not already present. This enables cross-skill functionality and points to an official organization repository.
- Local Code Generation: A small utility command using Node.js's crypto module is used to generate random bytes for a security secret. This is performed locally and ensures that users generate unique, secure keys for their own environment.
Audit Metadata