php
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION] (SAFE): No malicious bypass or override patterns detected. The use of mandatory workflow language is restricted to the skill's intended operational logic.- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials or network calls to external domains. Data handling is limited to internal interfaces (memoryStore and contextProvider).- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses an attack surface for indirect prompt injection as it processes user-provided project data to update internal memory and generate reports. \n
- Ingestion points: User prompts and project files (SKILL.md, Step 1-4)\n
- Boundary markers: Absent\n
- Capability inventory: memoryStore.update, file-writing to /claudedocs/\n
- Sanitization: Not specified.- [REMOTE_CODE_EXECUTION] (SAFE): No remote scripts are downloaded or executed. References to Composer, PHPUnit, and Laravel are within the context of development guidance.
Audit Metadata