analyze-yii2-project
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill analyzes external PHP codebases, which provides a surface for instructions embedded in code or comments to influence the analysis results.
- Ingestion points: PHP controller, model, and migration files from the user-provided project path.
- Boundary markers: No explicit delimiters or instructions to ignore embedded prompts are mentioned in the workflow.
- Capability inventory: Uses the `codecompass` utility for AST analysis, semantic indexing, and requirements extraction.
- Sanitization: No sanitization or validation of the processed code content is specified.
- Command Execution (SAFE): The skill utilizes local CLI commands (`codecompass`, `composer`, `curl`) consistent with its purpose of technical analysis. All network operations are restricted to localhost services (Weaviate, Ollama).
Audit Metadata