aureuserp-api-builder

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows a secure development workflow by enforcing mandatory authorization checks (Gate::authorize) and authentication middleware (auth:sanctum) for all generated endpoints. It also includes safe practices for guarding against missing database columns and optional plugin dependencies.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) because it reads existing project files to inform its code generation. Evidence: (1) Ingestion points: Target plugin models, policies, and Filament resources; (2) Boundary markers: Absent; (3) Capability inventory: Code generation and potential local command execution for testing; (4) Sanitization: Absent. This risk is inherent to the skill's purpose as a developer tool and is mitigated by the security constraints it imposes on the generated code.
  • [COMMAND_EXECUTION]: The workflow involves local command execution for checking route registration and running tests. These operations are standard for development environments and are limited to verifying the locally generated components.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 2, 2026, 08:24 AM