The Agent Skills Directory

[COMMAND_EXECUTION]: The skill facilitates the use of command-line tools like php artisan and vendor/bin/pint, and the tinker MCP tool for running arbitrary PHP code. These capabilities are expected for the task but represent a high level of system access.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it directs the agent to follow instructions from external project files. * Ingestion points: Documentation files (AGENTS.md, docs/README.md) and configuration files. * Boundary markers: None; the agent is not told to ignore instructions in these files. * Capability inventory: Access to CLI commands and arbitrary code execution via tinker. * Sanitization: No sanitization of the file content is performed.

laravel-11-12-app-guidelines