implementing-scalekit-laravel-auth

Fail

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions for a validateTokenAndGetClaims method that performs manual base64 decoding and JSON parsing of JWT payloads while explicitly omitting cryptographic signature verification. This approach trusts unverified external data, enabling token forgery and authentication bypass.
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the firebase/php-jwt package via Composer. This is a standard dependency for JWT handling, though the provided implementation fails to use its verification capabilities.
  • [COMMAND_EXECUTION]: The instructions include several standard Laravel development commands such as composer require, php artisan key:generate, php artisan migrate, and php artisan serve for application setup and execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 23, 2026, 08:26 PM