statamic-with-eloquent
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns, obfuscated content, or security risks were identified. The skill correctly implements architectural patterns for Statamic CMS development.
- [PROMPT_INJECTION]: The skill describes patterns for rendering content from the CMS, which serves as an ingestion point for external data. While the use of unescaped Blade output and dynamic partial inclusion represents a surface for indirect prompt injection, these are standard framework features for rendering rich text and flexible content blocks.
  - Ingestion points: Statamic entry fields, globals, and Replicator/Bard content blocks (SKILL.md).
  - Boundary markers: Absent from the provided Blade examples.
  - Capability inventory: Dynamic partial inclusion (@include) and unescaped HTML output ({!! !!}).
  - Sanitization: Not explicitly defined in the skill logic.
- [COMMAND_EXECUTION]: The skill references standard administrative 'php please' CLI commands for managing the CMS environment, such as creating collections and clearing caches.
Audit Metadata