php-route-mapper
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses high-priority directives such as 'CRITICAL: 完整输出(强制)' (Critical: Full Output [Mandatory]) and '禁止' (Forbidden) to control agent behavior. While intended to prevent the model from summarizing or omitting technical data (a requirement for thorough security audits), these keywords mirror patterns used in constraint-override attacks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted source code and incorporates it into the agent's context without clear isolation or safety instructions regarding the content of those files.
- Ingestion points: The skill reads arbitrary PHP source files from the user-specified
source_path. - Boundary markers: The prompt lacks explicit delimiters (e.g., XML tags or unique tokens) to separate instructions from the analyzed code, and fails to provide 'ignore instructions' warnings for content within comments or strings.
- Capability inventory: The skill has broad read access to the local project structure and the ability to write multiple Markdown files to the system.
- Sanitization: No sanitization, escaping, or validation of the extracted source code content is performed before processing or reporting.
Audit Metadata