php-csrf-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides instructions for a security auditing task (PHP CSRF audit) and does not contain any executable code, remote downloads, or credential exfiltration attempts.
- [DATA_EXPOSURE]: The skill defines a local output path for reports ({output_path}/vuln_audit/csrf_{timestamp}.md) but does not attempt to access sensitive system files (e.g., SSH keys, AWS credentials) or environment variables.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, package installations, or script downloads were identified. The skill relies on local static analysis methodology.
- [PROMPT_INJECTION]: While the skill uses strong instructional language ('mandatory', 'must'), these are directed at the agent's auditing logic and do not attempt to bypass platform safety guidelines or extract system prompts.
Audit Metadata