laravel-api-architect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- External Downloads (SAFE): The skill references 'composer require laravel/passport', which is the standard installation method for a well-known, legitimate Laravel ecosystem package. No unknown or malicious third-party packages were detected.
- Command Execution (SAFE): Uses standard 'php artisan' commands for scaffolding (model, request, resource creation) and local development environment management. These commands do not involve arbitrary user input or unsafe execution patterns.
- Credential Handling (SAFE): The implementation of 'AuthController' follows best practices by using 'Hash::make' for password storage and 'Hash::check' for verification. No hardcoded secrets or API keys are present.
- Indirect Prompt Injection (SAFE): While the skill defines API endpoints that process external data, it utilizes Laravel's 'FormRequest' system to enforce strict validation rules and the Eloquent ORM to prevent injection attacks.
  - Ingestion points: HTTP Request data in 'OrderController' and 'AuthController'.
  - Boundary markers: Validation rules defined in 'StoreOrderRequest' and inline validation in 'AuthController'.
  - Capability inventory: Database CRUD operations, token generation, and event dispatching.
  - Sanitization: Built-in Laravel validation, Eloquent parameterized queries, and 'Hash' facade.