Skills
skills/eullercdr/skills/code-review-laravel/Gen Agent Trust Hub

code-review-laravel

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool restricted to a specific whitelist of safe commands: git, mkdir, date, and wc. These are used to determine the files changed in a branch and to organize report output folders.
  • [DATA_EXFILTRATION]: The skill reads the entire project source code (e.g., app/**/*.php) using Read, Grep, and Glob. While the skill processes potentially sensitive application logic, it has no network permissions to exfiltrate data; all output is saved to the local project directory via the Write tool.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it performs 'deep reading' of untrusted source code provided by the user or project environment.
  • Ingestion points: Files within the app/, database/, tests/, routes/, config/, and resources/views/ directories.
  • Boundary markers: No delimiters are implemented to encapsulate the code content being analyzed.
  • Capability inventory: The skill can perform restricted Bash commands, write to the filesystem, and perform broad file system reads.
  • Sanitization: The skill does not sanitize or filter the content of the files it reads before processing them.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 06:19 PM