instrument-feature-flags

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is authored by PostHog and focuses on providing documentation and instructions for integrating their own feature flagging service. All operations described are consistent with the stated purpose of a vendor-provided development tool.
  • [EXTERNAL_DOWNLOADS]: The instructions guide the agent to install official PostHog libraries from standard package registries (e.g., npm, PyPI, Maven Central) and reference official GitHub repositories (e.g., github.com/posthog/posthog-go). These resources are from a well-known service provider and do not represent a security risk.
  • [COMMAND_EXECUTION]: The skill recommends standard package management commands (e.g., npm install, pip install, go get) to set up the necessary SDKs for the detected platform. These are routine development operations.
  • [DATA_EXPOSURE]: The skill includes steps to manage PostHog API tokens by reading from and writing to local environment files (e.g., .env, .env.local). This automation is used to assist in project configuration and prevent the hardcoding of secrets in source code, which aligns with standard security practices for SDK initialization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 05:30 PM