laravel-refactor

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation references well-known development tools and official repositories (such as Laravel Pint, PHPStan, and Pest) for installation via standard package managers like Composer and NPM. These references are informative and consistent with the skill's primary function of modernizing PHP development environments.
  • [COMMAND_EXECUTION]: The skill includes a local script, scripts/analyze_code.py, which is used to perform static analysis on user-provided codebases. The script operates using standard Python libraries to identify code smells through regular expressions and does not execute the PHP code it analyzes.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it is designed to ingest and process untrusted user-supplied PHP source files.
    • Ingestion points: User-provided PHP files are read by the scripts/analyze_code.py script and manually by the agent during the refactoring process.
    • Boundary markers: The skill does not currently implement specific delimiters or instructions to ignore potential natural language commands embedded within code comments in the files being analyzed.
    • Capability inventory: The agent has the capability to execute the local Python analysis script and read file contents from the project directory.
    • Sanitization: No specific sanitization or filtering of the content within the PHP files is performed prior to processing by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 11:44 PM