laravel-releases
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion point: `gh release view` in SKILL.md. Boundary markers: Absent. Capability inventory: `Bash`, `Read`, `Grep`, `Glob` in SKILL.md. Sanitization: Absent. External content from Laravel release notes is processed without isolation, creating a surface for malicious instructions to influence the agent.
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute system commands such as `composer show` and `gh release` to interact with the official Laravel framework repository. This capability is necessary for the skill's purpose but represents a tool that could be misused if the agent is compromised via injection.
Audit Metadata