laravel-upgrade
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- Command Execution (LOW): The skill executes `composer update` and `php artisan`. These commands are capable of running arbitrary scripts defined in the local `composer.json` or within the Laravel application itself. This risk is downgraded to LOW because it is essential to the skill's primary function of upgrading a framework.
- Indirect Prompt Injection (LOW): The skill processes untrusted input from the user's project files which could contain instructions designed to influence the agent.
  - Ingestion points: `composer.json` and project PHP source files.
  - Boundary markers: Absent; the skill does not use specific delimiters to isolate project content from its instructions.
  - Capability inventory: File system modification, subprocess execution (`composer`, `php`).
  - Sanitization: None; the skill relies on regex patterns to find and replace code without verifying the source's intent.
Audit Metadata