php-testing
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The documentation and examples in SKILL.md reference external GitHub Actions (shivammathur/setup-php, codecov/codecov-action) and the Composer package manager. While industry standard, these are not within the trusted organization list provided in the security policy.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its core function of analyzing external PHP code provided by users.
  - Ingestion points: External PHP source files and test files processed by the agent.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded code comments are present.
  - Capability inventory: Code reasoning, test generation, and CI/CD workflow modification.
  - Sanitization: No input sanitization or filtering is performed by the skill's scripts.