php-development
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/xampp-setup.ps1 performs system configuration changes, including modifying php.ini and httpd.conf, and attempts to start Windows services (Apache2 and MySQL). These operations generally require administrative permissions and pose a risk to system stability and security posture if executed by an automated agent without explicit human oversight.
- [DATA_EXFILTRATION]: Metadata in SKILL.md includes the hardcoded absolute path C:/Users/LOQ/.agents/skills/, which reveals the local system username 'LOQ' from the author's environment. While not an active exfiltration of user data, it is an unnecessary exposure of local environment information.
- [SAFE]: The skill provides guidance for processing untrusted user data with appropriate security measures such as PDO prepared statements and sanitization. (Ingestion points: SKILL.md, references/php-8-4-api-patterns-2026.md; Boundary markers: absent; Capability inventory: examples/pdo-database-patterns.php (database access), references/php-8-4-api-patterns-2026.md (file reading); Sanitization: present (input validation and escaping logic)).
Audit Metadata