laravel-quality-checks
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill provides commands to execute local binaries and scripts including vendor/bin/pint, phpstan, psalm, and php artisan. These commands run directly on the host system with the agent's permissions.
- [PROMPT_INJECTION] (HIGH): This skill exhibits a high-risk attack surface for indirect prompt injection (Category 8) because it processes external content (the project codebase) and possesses code execution capabilities.
  1. Ingestion points: Project source code, configuration files, and test suites processed by the linting and testing tools (SKILL.md).
  2. Boundary markers: Absent. The skill does not implement delimiters or safety instructions to isolate the execution environment from potentially malicious code embedded in the project files.
  3. Capability inventory: Subprocess execution of PHP binaries and scripts which can execute arbitrary code during testing (php artisan test) or analysis phases (SKILL.md).
  4. Sanitization: Absent. No validation or sanitization is performed on the files or codebase before they are processed by the tools.
Recommendations
- AI detected serious security threats