analyze-php-logs
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted log data (e.g., Laravel, Monolog, Symfony, and PHP-FPM logs) which could contain malicious instructions embedded in error messages or stack traces. This identifies a surface for indirect prompt injection. However, the skill lacks high-risk capabilities like command execution or network access that could be exploited by such an injection.
- Ingestion points: Application log files (e.g., storage/logs/laravel.log, PHP-FPM slow logs) which may contain attacker-influenced content.
- Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are provided to separate parsed log content from agent instructions.
- Capability inventory: The skill utilizes 'Read' and 'Grep' tools for file analysis. No subprocess calls, evaluation/execution, or network operations were identified across the instructions.
- Sanitization: The skill does not describe any specific sanitization, validation, or escaping of the log data before it is presented to the agent.
Audit Metadata