php-modern-standards
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No malicious override or bypass instructions were detected. The instruction to use the 'Superpowers plugin' is a behavioral directive for the agent's operational workflow rather than an attempt to bypass safety guidelines.
- [DATA_EXFILTRATION]: No evidence of data exposure or exfiltration. There are no hardcoded credentials, sensitive file path accesses, or unauthorized network operations.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns or unverifiable external dependencies were found. The skill consists entirely of static Markdown and PHP code examples.
- [COMMAND_EXECUTION]: The skill explicitly warns against command injection and provides safe alternatives (e.g., using PHP's native
filesize()instead ofshell_exec('ls -lh')). - [OBFUSCATION]: No forms of obfuscation (Base64, zero-width characters, homoglyphs, or encoded strings) were detected in the source files.
- [SAFE]: The content is highly defensive, offering detailed implementations for SQL injection prevention (using PDO prepared statements), XSS protection (output escaping), and secure password hashing (Argon2id).
Audit Metadata