skills/mdhb2/aix-skillpack/php-pro/Gen Agent Trust Hub

php-pro

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Hardcoded database credentials found in code examples within reference files. File 'references/async-patterns.md' contains 'password' => 'password' and 'root:password@localhost/database' in connection examples.
  • [COMMAND_EXECUTION]: The skill requires executing local binaries and shell commands. 'SKILL.md' instructs the agent to run 'vendor/bin/phpstan analyse --level=9' and 'vendor/bin/phpunit', as well as 'mkdir -p .aix'.
  • [PROMPT_INJECTION]: Vulnerability to indirect prompt injection through processing untrusted data with executable capabilities. Ingestion points: local project files referenced in 'SKILL.md'. Boundary markers: absent. Capability inventory: shell execution of local binaries. Sanitization: absent.
  • [DATA_EXFILTRATION]: Performs network operations to non-whitelisted domains. File 'references/async-patterns.md' includes code examples that fetch data from 'api.example.com' using Swoole coroutine clients.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 16, 2026, 01:22 AM
Security Audit — agent-trust-hub — php-pro