filament-shield
Pass
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the generation of code and configuration based on user-supplied parameters such as Panel IDs and role strategies. This creates a potential surface for indirect prompt injection where malicious input could influence the generated output.
- Ingestion points: User-provided inputs including Panel ID, auth provider model, and role strategy (SKILL.md).
- Boundary markers: There are no explicit instructions for the agent to use delimiters or ignore instructions embedded within the provided input data.
- Capability inventory: The skill involves modifying critical application files like
app/Models/User.phpand generatingapp/Policies/*Policy.phpfiles. - Sanitization: The workflow does not explicitly describe sanitization or validation steps for the user-supplied data before it is incorporated into the codebase.
Audit Metadata