psr-overview-knowledge
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- Category 1: Prompt Injection (SAFE): No instructions attempting to override agent behavior or bypass safety filters were found. The documentation uses standard technical language.
- Category 2: Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. Code examples use generic placeholders or standard logging patterns.
- Category 3: Obfuscation (SAFE): No Base64, zero-width characters, homoglyphs, or other obfuscation techniques were identified across any of the files.
- Category 4: Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references standard PSR interface packages (e.g.,
psr/log,psr/http-message) and reputable community implementations (e.g., Monolog, Symfony components, Nyholm PSR-7). No remote script execution or suspicious package installations were found. - Category 5: Privilege Escalation (SAFE): No commands related to privilege escalation (e.g.,
sudo,chmod 777) were present. - Category 6: Persistence Mechanisms (SAFE): No attempts to establish persistence (e.g., shell profiles, cron jobs) were detected.
- Category 7: Metadata Poisoning (SAFE): Metadata fields are descriptive and contain no deceptive or malicious instructions.
- Category 8: Indirect Prompt Injection (LOW/SAFE): While the skill contains templates with placeholders like
{PROJECT_NAME}, it does not possess any capabilities (such as shell execution or file writing) that could be exploited via these injection surfaces. The risk is considered negligible. - Category 9: Time-Delayed / Conditional Attacks (SAFE): No logic gating behavior based on time or environment was found.
- Category 10: Dynamic Execution (SAFE): The provided code examples are static PHP snippets intended for educational purposes and do not involve runtime code generation or unsafe deserialization.
Audit Metadata