developing-with-php
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes templates and examples (in REFERENCE.md and templates/pdo_repository.template.php) that build SQL queries by interpolating database table and column names into the query string. This is common in repository and active-record patterns, but identifiers cannot be bound as prepared-statement parameters, so the names must come from a fixed allow-list in code rather than from untrusted user input; otherwise the pattern becomes an SQL injection vector.
- [EXTERNAL_DOWNLOADS]: The composer.template.json file specifies development dependencies from well-known and trusted sources, including PHPUnit for testing, PHPStan for static analysis, and PHP_CodeSniffer for linting. These are standard tools in the PHP ecosystem.
- [SAFE]: The skill documentation explicitly advocates for security best practices, including the use of password_hash() for credentials, htmlspecialchars() for output escaping, and a specific warning against interpolating user input directly into SQL statements.
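The following is an added example that is not part of the audited skill's templates. It shows how the two points above fit together in one PDO repository: table and column names are allow-listed and quoted before being interpolated (the identifier pattern flagged under COMMAND_EXECUTION), values go through bound placeholders, credentials are stored with password_hash() and checked with password_verify(), and output is escaped with htmlspecialchars(). The UserRepository class, the `users` table layout, the in-memory SQLite database and the sample rows are all constructed here for illustration; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added example (not the skill's own code). Uses an in-memory SQLite database so
// it runs offline; table name, columns and sample rows are constructed here.

final class UserRepository
{
    // Allow-list of identifiers this repository may interpolate. Identifiers
    // cannot be bound as placeholders, so anything not in these lists is
    // rejected before it reaches the SQL string.
    private const TABLE = 'users';
    private const SORTABLE_COLUMNS = ['id', 'email', 'created_at'];

    public function __construct(private PDO $pdo) {}

    private static function quoteIdentifier(string $name): string
    {
        // Double quotes are the ANSI identifier quote (SQLite, PostgreSQL);
        // MySQL uses backticks instead. Doubling any embedded quote prevents
        // breakout even if an allow-listed name ever contained one.
        return '"' . str_replace('"', '""', $name) . '"';
    }

    public function create(string $email, string $password): int
    {
        $sql = sprintf(
            'INSERT INTO %s (email, password_hash) VALUES (:email, :hash)',
            self::quoteIdentifier(self::TABLE)
        );
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute([
            ':email' => $email,
            // password_hash() applies a salted, deliberately slow algorithm
            // (bcrypt for PASSWORD_DEFAULT) and encodes the parameters in the hash.
            ':hash'  => password_hash($password, PASSWORD_DEFAULT),
        ]);
        return (int) $this->pdo->lastInsertId();
    }

    public function verifyLogin(string $email, string $password): bool
    {
        $sql = sprintf(
            'SELECT password_hash FROM %s WHERE email = :email',
            self::quoteIdentifier(self::TABLE)
        );
        $stmt = $this->pdo->prepare($sql);
        $stmt->execute([':email' => $email]);
        $hash = $stmt->fetchColumn();
        // fetchColumn() returns false when no row matched. Note that returning
        // early here makes unknown and known e-mail addresses distinguishable by
        // timing; hash a dummy value on the miss path if that matters to you.
        return $hash !== false && password_verify($password, (string) $hash);
    }

    public function listSortedBy(string $column, string $direction = 'ASC'): array
    {
        // $column is caller-controlled, so it is checked against the allow-list
        // rather than interpolated as received.
        if (!in_array($column, self::SORTABLE_COLUMNS, true)) {
            throw new InvalidArgumentException("Unsortable column: $column");
        }
        // Direction is normalised to one of two literals, never interpolated raw.
        $direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
        $sql = sprintf(
            'SELECT id, email FROM %s ORDER BY %s %s',
            self::quoteIdentifier(self::TABLE),
            self::quoteIdentifier($column),
            $direction
        );
        return $this->pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    }
}

// Output escaping: ENT_QUOTES covers single quotes as well as double quotes,
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Demo against a constructed in-memory database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
            password_hash TEXT NOT NULL, created_at TEXT DEFAULT CURRENT_TIMESTAMP)');

$repo = new UserRepository($pdo);
$repo->create('alice@example.com', 'correct horse battery staple');
$repo->create('<script>alert(1)</script>@example.com', 'hunter2');

var_dump($repo->verifyLogin('alice@example.com', 'correct horse battery staple'));
var_dump($repo->verifyLogin('alice@example.com', 'wrong password'));

foreach ($repo->listSortedBy('email') as $row) {
    echo '<li>', e($row['email']), "</li>\n";   // the script tag is rendered inert
}

try {
    // A hostile identifier never reaches the query string.
    $repo->listSortedBy('id; DROP TABLE users; --');
} catch (InvalidArgumentException $ex) {
    echo 'rejected: ', $ex->getMessage(), "\n";
}
```

Run it with `php example.php` (the pdo_sqlite extension is needed for the demo section). The point to carry back to the skill's templates is the split in `listSortedBy()`: values are bound, identifiers are matched against a constant list and then quoted, and neither path lets caller-supplied text become SQL syntax.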
Audit Metadata