php-ldap-audit

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious instructions, obfuscation, or unauthorized data access patterns were identified in the skill definition.
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the rg (ripgrep) command-line utility for the purpose of static code analysis, which is a standard and expected operation for a source code auditing tool.
  • [PROMPT_INJECTION]: As an auditing tool that processes untrusted PHP source files, the skill has an inherent surface for indirect prompt injection. This is a known risk for code analysis agents and is considered safe in this context due to the structured evidence collection and reporting requirements.
    Evidence Chain:
      1. Ingestion points: External PHP source code files.
      2. Boundary markers: Not explicitly defined for the input content.
      3. Capability inventory: Use of rg for searching and writing audit reports to the local file system.
      4. Sanitization: No specific sanitization for the audited code is implemented within the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 02:34 AM