laravel
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns detected. The skill provides extensive documentation on security best practices for Laravel development, including protection against SQL injection, mass assignment, and cross-site scripting (XSS).
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill follows secure data handling practices. It explicitly warns against logging sensitive information like passwords, API keys, or personally identifiable information (PII) in the logging.md reference. It also recommends using .env files for secret management, which is a standard and safe practice.
- [REMOTE_CODE_EXECUTION]: The skill uses well-known and trusted packages from the Laravel ecosystem and Spatie. It provides instructions for building AI agents and MCP servers, but these are structured within safe PHP classes and delegation patterns (Actions) rather than using dangerous functions like eval() or exec() on untrusted input.
- [INDIRECT_PROMPT_INJECTION]: While the skill describes processing external data (common in web APIs), it provides robust mitigation strategies. It instructs the use of Form Requests for validation and strip_tags for sanitization, effectively limiting the attack surface.
Audit Metadata