developing-with-prism
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses instructional language to guide the agent but does not attempt to bypass safety filters or override core instructions. Phrases like 'IMPORTANT: Always search the docs' are benign and context-appropriate.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file paths (e.g., SSH keys, env files) are accessed. The skill focuses on standard project files within the `vendor/` and `src/` directories.
- Remote Code Execution (SAFE): There are no patterns of piping remote content to a shell or executing untrusted scripts. It references standard PHP package installation via Composer.
- Indirect Prompt Injection (LOW): The skill directs the agent to ingest content from the `vendor/` directory and project source files. While this is a vulnerability surface for indirect injection if those files were to contain malicious instructions, it is the intended and primary function of a documentation-searching skill.
  - Ingestion points: Files located in `vendor/prism-php/prism/docs/` and `src/`.
  - Boundary markers: None specified for file reading operations.
  - Capability inventory: File system read access via `read`, `grep`, and `glob` tools.
  - Sanitization: None specified for the content of documentation files.
- Persistence & Privilege Escalation (SAFE): No commands related to system persistence or acquiring elevated privileges (e.g., sudo, crontab) are present.