integration-laravel
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The integration workflow requires the agent to ingest and analyze 10 to 15 source code files from the user's project to identify event tracking opportunities. This creates a surface for indirect prompt injection where malicious instructions embedded in project comments or code could influence agent behavior.\n
- Ingestion points: Project source code files identified during the process defined in references/basic-integration-1.0-begin.md.\n
- Boundary markers: No delimiters or specific boundary instructions are present to isolate the ingested content from the agent's instructions.\n
- Capability inventory: The skill is designed to perform file modifications and suggests the use of command-line tools such as composer and php artisan across several scripts.\n
- Sanitization: No sanitization or instructions to ignore embedded instructions are provided for the analysis phase.\n- [COMMAND_EXECUTION]: The integration guide and example project documentation reference the execution of standard development commands, including composer install, php artisan migrate, and php artisan serve. These are standard operations for managing Laravel dependencies and application state.\n- [EXTERNAL_DOWNLOADS]: The documentation suggests installing the official PostHog PHP SDK using the command composer require posthog/posthog-php. This is the intended behavior for the integration of the vendor's service.
Audit Metadata