php-route-tracer

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it is designed to ingest and analyze untrusted external data.
      • Ingestion points: The agent reads PHP source code from the source_path and parses external markdown files (routes_{timestamp}.md and params_{timestamp}.md).
      • Boundary markers: The instructions do not define boundary markers or explicit safety instructions to prevent the agent from being influenced by malicious content or comments within the analyzed source code.
      • Capability inventory: The skill involves reading project files and writing structured trace reports to the output directory.
      • Sanitization: There are no instructions for sanitizing or escaping the content of the analyzed files before they are incorporated into the agent's context or output trace.
  • [NO_CODE]: The skill consists entirely of markdown-based instructions and does not include any accompanying scripts, binaries, or executable code.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 02:34 AM