symfony-upgrade
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill incorporates standard PHP ecosystem commands for dependency management (`composer update`), automated refactoring (`rector`), and testing (`phpunit`). It also includes common maintenance commands such as `rm -rf var/cache/*`. All commands are appropriate for the skill's primary purpose of framework migration.
- [EXTERNAL_DOWNLOADS]: The instructions refer users and agents to official sources for documentation and configuration, specifically targeting the Symfony repository on GitHub and the Packagist registry. These are well-known and trusted resources within the technology community.
- [PROMPT_INJECTION]: The skill defines a workflow that ingests external data by reading framework changelogs, which constitutes an indirect prompt injection surface.
  - Ingestion points: Reading external UPGRADE.md files from GitHub or through web searches (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: Shell execution of composer, phpunit, and rector, along with directory deletion.
  - Sanitization: No explicit sanitization or filtering of the changelog content is defined.
  - Assessment: This surface is necessary for the intended functionality and targets authoritative documentation, thus it does not escalate the overall verdict.