php-project-guide

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a documentation and instructional resource for AI agents working with PHP projects. It outlines standard workflows for project detection, dependency management via Composer, and framework-specific patterns for Laravel and Symfony.
  • [COMMAND_EXECUTION]: The skill describes the use of tools like execute_terminal_command and execute_run_configuration. These are powerful capabilities intended for legitimate development tasks such as running tests, migrations, and build scripts. No evidence was found of these tools being used for unauthorized or hidden command execution.
  • [DATA_EXFILTRATION]: While the skill mentions environment variables and '.env' files, it does so to promote security best practices, explicitly stating that '.env' files should never be committed to version control. There are no network operations or data-reading chains that suggest exfiltration of sensitive information.
  • [PROMPT_INJECTION]: The instructions are clear, instructional, and lack any patterns associated with prompt injection, such as attempts to override system guidelines or bypass safety filters.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an inherent surface area for indirect prompt injection because it reads and processes untrusted project code (via tools like read_file or get_inspections) and possesses write/execution capabilities. However, this is expected for a code-assistant skill, and the documentation provides clear guidance on interpreting project structure rather than executing untrusted data directly.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:51 AM