php-cmd-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill defines a standard workflow for security auditing of PHP code. The use of terms like 'CRITICAL' and 'IMPORTANT' is purely instructional, focused on enforcing technical accuracy and reporting standards for the audit process, not for bypassing safety filters.
- [COMMAND_EXECUTION]: The skill uses a tracing tool (php-route-tracer) and suggests standard search utilities (rg) to perform its analysis, which is appropriate and expected for its stated purpose of security auditing.
- [PROMPT_INJECTION]: The skill ingests untrusted PHP source code (Ingestion Point), which creates a potential surface for indirect prompt injection. Its capabilities are restricted to local analysis and reporting. Although the instructions do not specify boundary markers or explicit sanitization for the audited code, the strict requirement for evidence-based reporting with data-flow chains serves as a check against adversarial content.
Audit Metadata