test-plan
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to run numerous shell commands, including ls, cat, find, grep, and php artisan route:list, to map out the application's structure and logic.
- [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection due to its broad ingestion of untrusted data.
  - Ingestion points: Processes the contents of all PHP files across directories like app/, database/, config/, and routes/ (Phase 1: Deep Discovery).
  - Boundary markers: No delimiters or safety instructions are provided to prevent the agent from obeying malicious instructions embedded in comments or strings within the analyzed codebase.
  - Capability inventory: The agent possesses the capability to execute shell commands and write to the filesystem.
  - Sanitization: No sanitization or validation logic is applied to the content read from the repository.
- [DATA_EXFILTRATION]: Accesses sensitive application configuration files, including config/auth.php, config/permission.php, and config/cashier.php. It also reads database migrations and seeders, which may expose security policies, billing logic, and sensitive test data.
Audit Metadata