live-component
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documents an architecture for processing user-controlled data via data-model bindings and LiveProp properties, which constitutes a potential surface for indirect prompt injection if the agent interacts with untrusted inputs within these components.
  * Ingestion points: Data enters components through data-model attributes in Twig templates and state hydration in PHP classes (e.g., query prop in ProductSearch).
  * Boundary markers: No specific instruction-ignoring delimiters are defined in the provided examples.
  * Capability inventory: Documentation demonstrates server-side capabilities including database persistence (EntityManagerInterface), email dispatching (MailerInterface), and component-to-component communication (emit).
  * Sanitization: The framework relies on built-in security features like Symfony Forms validation and cryptographic checksums for state integrity.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing the symfony/ux-live-component package via Composer. This is an official package from the Symfony project, which is a well-known and trusted technology ecosystem.