deploying-laravel-cloud
Fail
Audited by Snyk on Jul 7, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.85). The content contains deliberate patterns that enable remote code execution and potential data exfiltration (running arbitrary PHP/shell commands, fetching full --json payloads with sensitive resources) and explicitly recommends delegating verbose, sensitive outputs to subagents where the full output is hidden — behavior indicative of covert data access/exfiltration risk.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs fetching https://cloud.laravel.com/docs/llms.txt at runtime via WebFetch and to use that remote content to craft agent responses, meaning external content directly controls prompts.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata