laravel-security

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill correctly instructs developers to avoid using env() outside of configuration files to prevent credential exposure when configuration is cached. This is a standard security best practice in Laravel development.
  • [EXTERNAL_DOWNLOADS]: The skill references the spatie/laravel-permission package, which is a well-known, trusted industry-standard library for role-based access control in Laravel.
  • [COMMAND_EXECUTION]: The skill uses php artisan commands, which are the standard command-line interface for the Laravel framework and are intended for legitimate development tasks like generating boilerplate code.
  • [INDIRECT_PROMPT_INJECTION]: The skill identifies an attack surface by reading files from app/Policies/**/*.php and config/*.php. While these are potential ingestion points for untrusted data if the project code is malicious, the skill's purpose is to harden these specific areas against known vulnerabilities.
  • Ingestion points: app/Policies/**/*.php, config/*.php.
  • Boundary markers: Not explicitly defined in the instructions.
  • Capability inventory: The agent provides code generation and security hardening instructions based on the files it reads.
  • Sanitization: No explicit sanitization of read content is mentioned, which is typical for a defensive instruction set.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 08:56 PM
Security Audit — agent-trust-hub — laravel-security