laravel-11-12-app-guidelines
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it instructs the agent to prioritize and follow instructions from external, potentially untrusted repository files.
  - Ingestion points: The skill explicitly directs the agent to read `AGENTS.md`, `docs/README.md`, and relevant module documentation to guide its behavior.
  - Boundary markers: No clear delimiters or instructions are provided to the agent to ignore embedded instructions within these data files.
  - Capability inventory: The agent is granted access to high-privilege capabilities, including `tinker` (arbitrary PHP execution), `database-query` (SQL access), and `list-artisan-commands` (Artisan command execution).
  - Sanitization: No sanitization or validation logic is specified for the content processed from the repository files.
- [COMMAND_EXECUTION]: The skill guidelines instruct the agent to run various command-line interface (CLI) tools, including PHPUnit for testing, Laravel Pint for code styling, and various `php artisan` commands. These are standard operations for the intended Laravel development workflow.
- [NO_CODE]: This skill is composed exclusively of Markdown documentation files (`SKILL.md` and `references/boost-tools.md`) and does not bundle any executable scripts or binary files.
Audit Metadata