skills/fusengine/agents/laravel-api/Gen Agent Trust Hub

laravel-api

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW
Full Analysis
  • [Prompt Injection] (SAFE): The skill instructions do not attempt to override the AI agent's safety protocols or extract system prompts. The mandatory workflow defines a structured process for code research and implementation using internal tools.
  • [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file access patterns are present. The provided templates correctly demonstrate the use of environment variables and configuration files for managing secrets like API keys.
  • [Obfuscation] (SAFE): The content is provided in cleartext Markdown and PHP. There is no use of encoding, zero-width characters, or homoglyphs to hide malicious logic.
  • [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill does not download external packages or execute remote code. All code is provided as static templates within the skill files.
  • [Privilege Escalation] (SAFE): No commands for gaining elevated system privileges or modifying critical system settings were identified.
  • [Persistence Mechanisms] (SAFE): There are no attempts to establish persistence on the host system via startup scripts, cron jobs, or similar mechanisms.
  • [Metadata Poisoning] (SAFE): Metadata fields are used appropriately and do not contain deceptive or malicious instructions.
  • [Indirect Prompt Injection] (LOW): The skill provides patterns for handling untrusted data via API requests.
      1. Ingestion points: Handled through Request and FormRequest objects as described in references/requests.md and references/templates/FormRequest.php.md.
      2. Boundary markers: The 'Critical Rules' section in SKILL.md explicitly mandates the validation of all input and the use of API Resources for response transformation.
      3. Capability inventory: Templates provide capabilities for database modification (ApiController.php.md) and network operations (HttpClientService.php.md).
      4. Sanitization: Addressed through a robust set of validation rules in references/templates/validation-rules.md, which the skill requires for all implementations.
  • [Time-Delayed / Conditional Attacks] (SAFE): No logic gating behavior based on specific times, dates, or environmental conditions was found.
  • [Dynamic Execution] (SAFE): The skill uses static code templates and does not involve dynamic evaluation of untrusted input or unsafe deserialization methods.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 06:47 AM