detect-unnecessary-loops
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted PHP code, creating a surface for indirect prompt injection where malicious instructions could be embedded in the code being scanned.\n
- Ingestion points: Local PHP files targeted for performance analysis (referenced in
SKILL.md).\n - Boundary markers: The skill lacks explicit delimiters or instructions to ignore embedded natural language directives within the analyzed source code.\n
- Capability inventory: The agent is guided to use search tools (grep) to inspect file contents.\n
- Sanitization: No validation or sanitization of the input file content is defined.\n- [NO_CODE]: The skill consists of markdown documentation and grep search patterns. It does not include any executable scripts, binaries, or automated configuration files.
Audit Metadata