Skills
skills/0xshe/php-code-audit-skill/php-deser-audit/Gen Agent Trust Hub

php-deser-audit

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  • Ingestion points: The skill is designed to ingest and analyze untrusted PHP project source code (SKILL.md).
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions to prevent the agent from obeying commands embedded within the code being audited.
  • Capability inventory: The agent identifies vulnerability locations, traces data flow, and generates proof-of-concept (PoC) code and audit reports (SKILL.md).
  • Sanitization: There is no evidence of sanitization or escaping mechanisms for the external code content before it is processed by the agent or included in the final report.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 25, 2026, 02:33 AM
Security Audit — agent-trust-hub — php-deser-audit