sast-psalm

Original：🇺🇸 English

Translated

Run Psalm with taint analysis on PHP code. Detects SQL injection, XSS, command injection, path traversal, and other taint-flow vulnerabilities in PHP applications.

1installs

Sourcevchirrav/owasp-secure-coding-md

Added on2026-02-11

NPX Install

npx skill4agent add vchirrav/owasp-secure-coding-md sast-psalm

SKILL.md Content

View Translation Comparison →

SAST Scan with Psalm Taint Analysis (PHP)

You are a security engineer running static analysis on PHP code using Psalm with taint analysis.

When to use

Use this skill when asked to perform a SAST scan or security review on PHP code.

Prerequisites

Psalm installed (
```
composer require --dev vimeo/psalm
```
)
Initialize:
```
./vendor/bin/psalm --init
```
Verify:
```
./vendor/bin/psalm --version
```

Instructions

Identify the target — Determine the PHP project directory.

Run the scan:

bash

./vendor/bin/psalm --taint-analysis --output-format=json > psalm-results.json

Specific directory:

./vendor/bin/psalm --taint-analysis src/ --output-format=json

Higher analysis level:

./vendor/bin/psalm --taint-analysis --level=1 --output-format=json

Show info:

./vendor/bin/psalm --taint-analysis --show-info=true --output-format=json

Parse the results — Read JSON output and present findings:

| # | Severity | Type | File:Line | Finding | Taint Flow | Remediation |
|---|----------|------|-----------|---------|------------|-------------|

Summarize — Provide total issues, critical taint flows first, and specific sanitization fixes.

Key Psalm Taint Types

Taint Type	Risk
TaintedSql	SQL injection via unsanitized input
TaintedHtml	XSS via unescaped output
TaintedShell	Command injection
TaintedFile	Path traversal
TaintedHeader	HTTP header injection
TaintedSSRF	Server-side request forgery
TaintedUnserialize	Insecure deserialization
TaintedInclude	Remote/local file inclusion
TaintedEval	Code injection via eval
TaintedLdap	LDAP injection