detect-n-plus-one
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No malicious patterns or security risks were identified during the audit.\n- [Category 1] Prompt Injection: No instructions attempting to bypass safety filters or override agent behavior were found.\n- [Category 2] Data Exposure & Exfiltration: The skill does not access sensitive files (e.g., .env, .ssh) or perform unauthorized network requests. It targets only .php files for analysis.\n- [Category 4] Unverifiable Dependencies: The skill does not install external packages or execute remote scripts.\n- [Category 8] Indirect Prompt Injection: While the skill processes untrusted PHP source code, its capabilities are restricted to pattern matching (Grep), which does not pose a significant risk of instruction execution. No evidence of malicious capability chaining was found.
Audit Metadata