technical-debt-manager-php-laravel

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Bash to execute several standard repository-level commands, including git log for churn analysis and php artisan for framework interaction. It also runs tests (php artisan test) and static analysis tools (phpstan, pint) located within the project's own directory.
  • [EXTERNAL_DOWNLOADS]: The skill performs composer install and composer audit, which connect to the official PHP package registry (Packagist). These are well-known and trusted services used for dependency management and security auditing.
  • [PROMPT_INJECTION]: The skill is designed to ingest and process external data from the target repository using Read and Grep. While this creates a surface for indirect prompt injection, the risk is inherent to the nature of a code analysis tool and is mitigated by the agent's internal safety protocols and the limited scope of the analysis tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 07:12 PM
Security Audit — agent-trust-hub — technical-debt-manager-php-laravel