php-injection-audit
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a static knowledge base and instructional framework for performing manual or semi-automated PHP source code audits. It does not execute any commands, perform network operations, or access sensitive files.
- [SAFE]: All code snippets included in the skill and its reference files are illustrative examples of vulnerable and secure coding patterns for educational and auditing purposes. They do not represent executable malicious payloads within the skill context.
- [SAFE]: No obfuscation, hidden instructions, or metadata poisoning attempts were detected. The skill is consistent with its stated purpose of assisting in security audits.
- [SAFE]: The skill mentions a dependency on data flow evidence from 'php-audit-pipeline'. This is consistent with the established tooling of the vendor (wgpsec) and does not involve installing untrusted third-party packages.
Audit Metadata