vercel-flags
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Full Analysis
- Resource Verification: All external links and package references target official Vercel domains (e.g., vercel.com, flags-sdk.dev) or verified GitHub repositories. These are documented as trusted sources.
- Credential Handling: The skill references configuration requirements like
FLAGS_SECRETandFLAGSenvironment variables. It provides guidance on their format and usage without exposing actual secrets or hardcoded credentials. - Code Execution Analysis: The code snippets provided for flag definitions, adapters, and discovery endpoints follow standard framework patterns for Next.js and SvelteKit. No patterns for arbitrary command execution, privilege escalation, or remote script execution were identified.
- Instruction Integrity: The instruction warning the AI about outdated training data is a common functional pattern used to improve accuracy for evolving libraries and does not constitute a malicious prompt injection or safety bypass attempt.
Audit Metadata