php-laravel-audit

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill functions as a set of static analysis guidelines for the Laravel framework. It directs the AI agent to look for legitimate security patterns, such as missing CSRF protection, insecure session configurations, and improper data handling in models.
  • [PROMPT_INJECTION]: While the skill processes untrusted source code from a local directory (an indirect prompt injection surface), it does not grant the agent dangerous capabilities or instruct it to bypass safety filters. The primary purpose is defensive security auditing, and no direct injection attempts are present in the skill metadata or body.
  • [DATA_EXFILTRATION]: The skill requires access to a local source_path and writes findings to an output_path. These operations are limited to the local file system as per the provided instructions and do not involve network requests or unauthorized data transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 02:33 AM