php-modernization
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The utility script
scripts/verify-php-project.shexecutes local shell commands and the PHPStan static analysis tool. These operations are restricted to project verification and are consistent with the skill's primary purpose. - [PROMPT_INJECTION]: The skill's analysis of PHP source code presents an indirect prompt injection surface. However, the logic is confined to code quality reviews and does not involve high-risk capabilities that could be exploited via malicious code comments.
- [SAFE]: The skill demonstrates security best practices, particularly in the
adapter-registry-pattern.mdreference, which provides examples of encrypted API key handling and PSR-compliant implementation.
Audit Metadata