Skills
skills/launchdarkly/ai-tooling/aiconfig-update/Gen Agent Trust Hub

aiconfig-update

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the configuration of a remotely hosted LaunchDarkly MCP server to function, as documented in the README.md and SKILL.md. This is an expected dependency for a vendor-provided management skill.
  • [DATA_EXFILTRATION]: The skill uses tools like update-ai-config and update-ai-config-variation to transmit configuration data, including model parameters and instructions, to LaunchDarkly's infrastructure. This behavior is consistent with the skill's primary purpose of remote configuration management.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it reads and modifies 'instructions' and 'messages' for AI models (Category 8).
  • Ingestion points: Untrusted data enters the context via the get-ai-config and get-ai-config-health tools which fetch existing prompt content from LaunchDarkly (SKILL.md).
  • Boundary markers: The skill does not explicitly define delimiters for processed instructions.
  • Capability inventory: The agent can perform write and delete operations via update-ai-config, update-ai-config-variation, and delete-ai-config (SKILL.md).
  • Sanitization: No explicit sanitization or filtering of prompt content is described before interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 14, 2026, 02:36 PM
Security Audit — agent-trust-hub — aiconfig-update