Trust Assessment
wp-phpstan received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 2 critical, 0 high, 0 medium, and 0 low severity. Key findings include Agent instructed to execute untrusted Composer scripts, Agent instructed to execute untrusted `vendor/bin` executable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on June 1, 2026 (commit 9b1e542c). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Agent instructed to execute untrusted Composer scripts The skill explicitly instructs the agent to 'Prefer the repo’s existing `composer` script' and 'Run PHPStan using the discovered command (`composer run ...`)'. The `scripts/phpstan_inspect.mjs` script identifies these scripts from the untrusted `composer.json` file. A malicious `composer.json` could define a script that executes arbitrary commands (e.g., `"phpstan": "rm -rf /"`), leading to command injection when the agent follows these instructions. The agent should never directly execute commands found in untrusted configuration files (like `composer.json` scripts) without explicit user confirmation or a robust sandboxing mechanism. If execution is necessary, the agent should parse the command and only execute known-safe binaries with controlled arguments, or prompt the user for approval. | LLM | SKILL.md:27 | |
| CRITICAL | Agent instructed to execute untrusted `vendor/bin` executable The skill instructs the agent to 'Run PHPStan using the discovered command (`...` or `vendor/bin/phpstan analyse`)'. The `scripts/phpstan_inspect.mjs` script identifies the path to `vendor/bin/phpstan`. In an untrusted repository, the `vendor/bin/phpstan` executable could be replaced with a malicious script by an attacker. Executing this discovered command would lead to arbitrary command execution. The agent should never directly execute binaries from an untrusted `vendor/bin` directory without explicit user confirmation or a robust sandboxing mechanism. If execution is necessary, the agent should verify the integrity of the executable (e.g., by hashing against a known good version) or prompt the user for approval. | LLM | SKILL.md:87 |
Scan History
Embed Code
[](https://skillshield.io/report/1bfbc33db04df712)
Powered by SkillShield