php-config-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's instructions are focused on legitimate security auditing activities for PHP applications. It directs the agent to locate and analyze configuration files (e.g., .env, php.ini) and code patterns (e.g., ini_set, security headers) to generate a vulnerability report. The described behavior is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from external configuration and source files. This is documented as a low-risk factor inherent to the nature of security auditing tools.
  1. Ingestion points: Configuration files (.env, php.ini, yaml), Dockerfiles, and PHP source code.
  2. Boundary markers: Not explicitly defined in the instructions.
  3. Capability inventory: The skill performs file reading and static analysis, followed by writing a report to a local directory.
  4. Sanitization: No specific content validation or escaping is specified for the input data.