php-archive-extract-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a diagnostic tool for security researchers. It defines a rigorous workflow for identifying path traversal risks during archive extraction in PHP projects.
- [SAFE]: No evidence of prompt injection or attempts to bypass AI safety guidelines was found. The use of 'mandatory' or 'critical' language is confined to the technical audit process.
- [SAFE]: The skill does not perform any network operations, hardcode credentials, or attempt to exfiltrate data. References to HTTP methods and payloads are templates for audit reports, not executable code.
- [SAFE]: No obfuscation techniques (Base64, zero-width characters, etc.) or hidden instructions were identified.
- [SAFE]: The skill does not download external scripts or execute arbitrary commands. It references an auxiliary tool ('php-route-tracer') as a dependency for data flow evidence, but does not provide instructions to fetch it from untrusted sources.