psr-coding-style-knowledge

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: A detailed review of the skill's documentation, configuration files, and utility scripts found no evidence of malicious behavior, obfuscation, or unauthorized access.
  • [COMMAND_EXECUTION]: The skill provides standard grep commands and a local bash script (psr-check.sh) for auditing PHP code compliance. These commands operate exclusively on local project directories (e.g., 'src/', 'tests/') and do not perform network operations or access sensitive system configuration files.
  • [EXTERNAL_DOWNLOADS]: The skill references and provides configuration for well-known industry tools such as PHP_CodeSniffer and PHP-CS-Fixer. These are trusted utilities commonly used in PHP development for code style enforcement.
  • [PROMPT_INJECTION]: As a tool designed to audit source code, the skill naturally ingests untrusted data from the 'src/' directory. This represents a surface for indirect prompt injection (Category 8); however, the risk is assessed as safe because the skill uses static pattern matching and lacks the capabilities to perform dangerous actions based on the audited content. Evidence: 1. Ingestion points: 'src/' and 'tests/' directories analyzed via grep; 2. Boundary markers: Absent; 3. Capability inventory: Local file read and reporting via grep/bash; 4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 09:59 AM