laravel-specialist
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill provides instructional content and code templates for Laravel development. It adheres to security best practices, such as recommending the use of environment variables for secrets and emphasizing input validation in generated code. No malicious logic, unauthorized network operations, or persistence mechanisms were detected across the analyzed files.
- [PROMPT_INJECTION]: The skill processes user-provided application requirements to generate code, which represents an indirect prompt injection surface. This is an inherent characteristic of coding-assistant skills and is well-mitigated by explicit security constraints in the instructions.
  - Ingestion points: Feature requests and application requirements supplied by the user in the primary interaction loop.
  - Boundary markers: Absent; user input is not explicitly delimited in the provided instructions.
  - Capability inventory: The skill provides templates for generating PHP application code, database migrations, and instructions for using the Laravel Artisan CLI toolset.
  - Sanitization: The skill explicitly mandates safety measures in its 'MUST NOT DO' section, specifically forbidding the use of raw queries (to prevent SQL injection) and requiring comprehensive validation for all user input.
Audit Metadata