check-command-injection

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is entirely descriptive and contains no executable code or scripts. It serves as a reference for detecting command injection in PHP.
  • [PROMPT_INJECTION]: No instructions to override system prompts or bypass safety filters were detected. The language used is purely instructional for the purpose of identifying vulnerabilities in code.
  • [DATA_EXFILTRATION]: No network calls or sensitive data access patterns are present. Sensitive file paths such as /etc/passwd are mentioned only as illustrative examples of potential attack targets for the analysis tool.
  • [COMMAND_EXECUTION]: The skill refers to dangerous PHP functions (exec, system, shell_exec) strictly as patterns for the agent to identify during its auditing process. The skill does not invoke these commands itself.
  • [REMOTE_CODE_EXECUTION]: No patterns for downloading or executing remote code from external sources were detected. The skill's focus is on static code analysis patterns.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. Placeholders like $user and $password are used within code examples for educational purposes.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 09:57 AM