laravel-mcp
Pass
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides documentation and coding standards for developing MCP servers. All external references are to well-known technology platforms, including Laravel and the official Model Context Protocol documentation.
- [SAFE]: No obfuscation, hardcoded credentials, or malicious persistence mechanisms were identified. The code examples demonstrate secure file handling within designated application storage paths.
- [PROMPT_INJECTION]: The guide describes tools and prompts that ingest external data, which constitutes an indirect prompt injection surface. This is properly addressed by teaching developers to use Laravel's validation engine and structured JSON schemas to constrain input.
  - Ingestion points: User-provided parameters in handle methods, such as 'location' in CurrentWeatherTool and 'tone' in DescribeWeatherPrompt.
  - Boundary markers: Examples include both JSON schema definitions and Laravel's $request->validate() method to define input boundaries.
  - Capability inventory: Tools are capable of reading from application storage and returning data to AI clients; the guide includes dedicated rules for implementing authentication and authorization middleware.
  - Sanitization: The skill demonstrates rigorous input sanitization through type enforcement and validation rules.