laravel-vector-search
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill implements a workflow for ingesting user-provided content into a vector database. While this involves processing untrusted data, the code templates use standard Laravel security practices (Eloquent query builder) which protect against SQL injection. The data is passed to an embedding SDK (
Laravel\Ai\Embeddings), which is the standard pattern for RAG (Retrieval-Augmented Generation) applications. - Ingestion points:
VectorSearchService::ingestandVectorSearchService::searchmethods take string inputs derived from user data. - Boundary markers: The templates demonstrate programmatic handling of data rather than direct prompt interpolation, reducing the risk of accidental instruction obedience.
- Capability inventory: Database writes (via Eloquent), model creation, and network requests (via the AI SDK).
- Sanitization: Uses Laravel's built-in database abstraction and demonstrates the use of session-based filtering (
auth()->id()) to ensure data isolation. - [COMMAND_EXECUTION]: The skill includes instructions for the AI agent to utilize specific sub-agents (
fuse-ai-pilot) and tools (mcp__context7__query-docs). These are standard orchestration patterns for agentic workflows and do not involve arbitrary shell execution or safety bypasses. - [CREDENTIALS_UNSAFE]: No hardcoded API keys or secrets were detected. The templates correctly use environment-agnostic model identifiers and recommend standard Laravel practices for sensitive data management.
Audit Metadata