php-yii-audit
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through untrusted code processing.
- Ingestion points: The skill reads project source files (controllers, models, views, composer.json) from a user-provided directory.
- Boundary markers: The instructions lack delimiters or instructions to ignore embedded commands within the audited code, which could allow malicious comments or strings to influence agent behavior.
- Capability inventory: The agent analyzes file logic and generates security reports based on the content of these files.
- Sanitization: No sanitization or escaping of the file content is required or performed before the agent processes the information.
Audit Metadata