ysl-api
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of
Artisan::call('cache:clear')in its queue job examples (references/jobs.md). This is a legitimate use of the Laravel framework's internal command system for cache management and does not indicate an external command injection risk.\n- [PROMPT_INJECTION]: The skill defines a standard workflow for ingesting untrusted data through Laravel Form Requests, creating a surface for indirect prompt injection if the stored data is later processed by an AI agent.\n - Ingestion points: External data enters via Form Requests located in
app/Http/Requests/.\n - Boundary markers: No specific boundary markers or instruction-ignoring warnings are present in the provided templates.\n
- Capability inventory: The system includes capabilities for database storage, push notification networking, and internal command execution.\n
- Sanitization: The skill enforces input validation through Laravel's
rules()method and utilizes PHP 8.3 type declarations to ensure data integrity.
Audit Metadata