laravel-quality

Warn

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: MEDIUM
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): Recommends installing multiple PHP packages such as phpstan/phpstan, laravel/pint, and larastan/larastan which are not from the whitelisted trusted organizations.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): Uses GitHub Actions from the shivammathur and actions organizations (e.g., shivammathur/setup-php, actions/checkout) which are not explicitly included in the trusted organizations list.
  • Persistence Mechanisms (MEDIUM): Recommends the brainmaestro/composer-git-hooks package to manage scripts in .git/hooks, which establishes a persistence mechanism that executes code on every commit.
  • Unverifiable Dependencies & Remote Code Execution (MEDIUM): Utilizes npx concurrently in the dev script, which involves fetching and executing a Node.js package from an external registry at runtime.
  • COMMAND_EXECUTION (LOW): Defines several scripts for static analysis and formatting that execute binaries from the local vendor directory, which is standard for quality tooling but should be verified by the user.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 15, 2026, 11:12 PM