laravel-security
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill correctly instructs developers to avoid using
env()outside of configuration files to prevent credential exposure when configuration is cached. This is a standard security best practice in Laravel development. - [EXTERNAL_DOWNLOADS]: The skill references the
spatie/laravel-permissionpackage, which is a well-known, trusted industry-standard library for role-based access control in Laravel. - [COMMAND_EXECUTION]: The skill uses
php artisancommands, which are the standard command-line interface for the Laravel framework and are intended for legitimate development tasks like generating boilerplate code. - [INDIRECT_PROMPT_INJECTION]: The skill identifies an attack surface by reading files from
app/Policies/**/*.phpandconfig/*.php. While these are potential ingestion points for untrusted data if the project code is malicious, the skill's purpose is to harden these specific areas against known vulnerabilities. - Ingestion points:
app/Policies/**/*.php,config/*.php. - Boundary markers: Not explicitly defined in the instructions.
- Capability inventory: The agent provides code generation and security hardening instructions based on the files it reads.
- Sanitization: No explicit sanitization of read content is mentioned, which is typical for a defensive instruction set.
Audit Metadata