laravel-ai-sdk

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: The references/templates/StreamingController.php.md file ingests untrusted user data through the transcript request parameter.
  • Boundary markers: The agent templates do not include explicit delimiters or instructions to ignore potential commands embedded within the input transcripts.
  • Capability inventory: The SalesCoach agent implemented in references/templates/Agent.php.md has access to the SearchProducts tool (database access) and FileSearch tool (vector store access).
  • Sanitization: Input is filtered via standard Laravel request validation (type and length checks) but lacks semantic sanitization to prevent instruction override.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:28 AM
Security Audit — agent-trust-hub — laravel-ai-sdk