The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The command php artisan dev:env:diff reads and compares environment files (e.g., .env), which commonly contain sensitive information such as database credentials, application keys, and third-party API tokens.\n- [EXTERNAL_DOWNLOADS]: The installation process involves downloading the grazulex/laravel-devtoolbox package from the external Composer repository (Packagist), which is not associated with the primary vendor or a recognized trusted organization.\n- [COMMAND_EXECUTION]: The skill is designed to run numerous shell commands via the php artisan CLI. Documentation examples also demonstrate the use of shell_exec and automated scripts that perform network requests using curl.\n- [PROMPT_INJECTION]: This skill provides a surface for indirect prompt injection by reading application-specific data such as model definitions, route names, and SQL query traces that could be influenced by an attacker to include instructions for the agent.\n
Ingestion points: Application metadata retrieved by analysis commands in SKILL.md.\n
Boundary markers: Absent; no delimiters or instructions are provided to the agent to distinguish between tool output and potential embedded instructions.\n
Capability inventory: Extensive shell command execution (php artisan), sensitive file system access, and network operations.\n
Sanitization: No sanitization or validation of the application data is performed before it is presented to the agent context.

laravel-devtoolbox-cli