laravel-controllers
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill defines patterns for handling user-controlled data through Laravel Controllers and Query Objects, which represents an indirect prompt injection surface where external inputs (HTTP requests, URL parameters) are processed during code generation or testing.
  - Ingestion points: Data entering the system via `CreateOrderRequest`, `UpdateOrderRequest`, and URL-based filtering in `OrderIndexQuery`.
  - Boundary markers: Employs Laravel's native Form Request validation and Spatie Query Builder's whitelist-based `allowedFilters` and `allowedSorts` to define boundaries for untrusted input.
  - Capability inventory: Demonstrated capabilities include database model interaction, HTTP response construction, and file organization.
  - Sanitization: Emphasizes strict validation using `request->validated()` and explicit allowed lists to ensure external content is sanitized before processing.
- [COMMAND_EXECUTION]: Provides examples of PHP and shell-based testing using the Pest framework. These examples are standard development practices for unit and feature testing and do not involve arbitrary or malicious command execution.
- [EXTERNAL_DOWNLOADS]: Mentions well-known and trusted community packages such as Spatie Query Builder and the Pest testing framework. These references are neutral and consistent with standard Laravel ecosystem development.
Audit Metadata