saas-seeder
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implements a transparent bootstrapping workflow intended for local development environments. It focuses on project-specific configuration and standard architecture patterns.
- [COMMAND_EXECUTION]: The skill instructs the agent to run several local commands including Composer for dependency management, PowerShell scripts (.\setup-database.ps1, .\fix-database.ps1) for database maintenance, and starting a local PHP server for super-admin creation. These actions are appropriate for the skill's stated purpose of project initialization.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of standard PHP development tools such as PHPStan, Pest, and PHP CS Fixer from the official Packagist repository. These are well-known, high-reputation packages within the PHP ecosystem.
- [PROMPT_INJECTION]: The skill provides a surface for processing user-defined requirements and schemas which could be used for indirect prompt injection.
  - Ingestion points: Files within the docs/project-requirements/ and database/schema/ directories.
  - Boundary markers: No explicit delimiters or safety instructions are defined to encapsulate these inputs.
  - Capability inventory: The agent can execute shell commands and modify local project files based on these inputs.
  - Sanitization: No automated validation or sanitization of the input documents is specified, relying instead on the agent's contextual processing.