phpcs-check-fix
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: Executes standard PHP development commands and binaries to analyze and fix code style.
  - Executed commands: `composer cs:fix`, `composer cs:check`, `vendor/bin/phpcs`, and `vendor/bin/phpcbf`.
  - These commands are consistent with the skill's stated purpose of managing PHP coding standards and use local project dependencies.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection as the skill processes external PHP source code.
  - Ingestion points: Reads PHP source files and the `phpcs.xml` configuration file (relative path: `SKILL.md`).
  - Boundary markers: None identified; the skill directly processes file content without specific isolation markers.
  - Capability inventory: Capabilities include file modification and local command execution via `composer` and `vendor/bin` binaries.
  - Sanitization: The skill does not perform sanitization on the code content it processes before analysis.
  - This risk is inherent to the primary function of code analysis and is considered acceptable for this use case.
Audit Metadata