phpstan-fixer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes standard command-line tools such as grep and cat for context gathering, as well as project binaries including composer, php artisan, and the local phpstan executable. These commands are essential for its primary function of static analysis and dependency management within a PHP project.\n- [EXTERNAL_DOWNLOADS]: The skill recommends installing trusted, well-known development packages such as larastan/larastan, phpstan/phpstan-symfony, and barryvdh/laravel-ide-helper through the official Composer package manager. These packages are industry standards for PHP development.\n- [PROMPT_INJECTION]: The skill ingests data from local files like AGENTS.md and project source code. While these are potential ingestion points for indirect instructions, the skill's capabilities are restricted to applying type-related code improvements, and it includes safeguards such as requiring user approval before suppressing errors.
Audit Metadata