laravel-docs
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches documentation content from boost.laravel.com, which is a service provided by the well-known Laravel ecosystem.
- [COMMAND_EXECUTION]: Uses the curl utility to perform HTTP POST requests to an external API.
- [DATA_EXFILTRATION]: Transmits project version information (from composer.json) and search queries to the documentation API endpoint as part of its core functionality.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes external content.
  - Ingestion points: Untrusted data is ingested from the local composer.json file and the external API response from boost.laravel.com.
  - Boundary markers: There are no explicit delimiters or warnings instructing the agent to ignore instructions that might be embedded in the documentation data.
  - Capability inventory: The skill utilizes subprocess calls (curl) to perform network operations.
  - Sanitization: The skill does not define any sanitization or validation logic for the content received from the external API.