laravel-boost
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection as it processes untrusted data from the local environment.
  - Ingestion points: The skill reads data from database queries and system log files (referenced in SKILL.md).
  - Boundary markers: No boundary markers or 'ignore' instructions are defined in mcp.json.
  - Capability inventory: The skill has high capabilities, including the ability to run PHP code (via Tinker) and Artisan commands.
  - Sanitization: No sanitization or escaping of data retrieved from logs or the database is visible.
- COMMAND_EXECUTION (SAFE): The skill executes the local command php artisan boost:mcp, which is the intended behavior for an MCP server bridging to a Laravel application.
Audit Metadata