php-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of common PHP development tools (Rector, PHPCS, parallel-lint, PHPUnit) via shell commands. These commands are typical for the described upgrade process and are executed within the user's development environment.\n- [EXTERNAL_DOWNLOADS]: References multiple well-known PHP packages from the official Composer registry. These include 'rector/rector', 'phpcompatibility/php-compatibility', and 'symfony/phpunit-bridge', which are standard tools for PHP maintenance.\n- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface as the skill directs the agent to ingest external content from 'php.net' or user-provided notes. However, since 'php.net' is the official trusted documentation source for the PHP language, this is considered safe.\n
- Ingestion points: Official PHP migration guides at php.net and user-provided release notes.\n
- Boundary markers: Not explicitly defined.\n
- Capability inventory: Shell command execution via Rector, PHPCS, and PHPUnit.\n
- Sanitization: Not explicitly present, but the context is focused on technical documentation analysis.
Audit Metadata