typo3-core-contributions
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows established best practices for TYPO3 Core contributions. All referenced scripts and workflows are consistent with the intended purpose of the skill.\n- [COMMAND_EXECUTION]: The skill references local scripts (scripts/verify-prerequisites.sh, scripts/setup-typo3-coredev.sh) and core TYPO3 test scripts (./Build/Scripts/runTests.sh). These commands are necessary for the development environment setup and code validation as part of the primary skill purpose.\n- [EXTERNAL_DOWNLOADS]: The skill's installation process fetches the skill configuration from a public GitHub repository. This is a standard distribution method for such tools and targets a well-known service.\n- [PROMPT_INJECTION]: The skill is designed to process data from external TYPO3 Forge issue tracker URLs. While this represents a potential surface for indirect prompt injection, the skill's activities are constrained to a local development workflow.\n
- Ingestion points: TYPO3 Forge issue URLs (referenced in SKILL.md)\n
- Boundary markers: Not explicitly defined in the provided instruction text\n
- Capability inventory: Execution of local setup/test scripts and Git operations (SKILL.md)\n
- Sanitization: Not mentioned in the workflow instructions
Audit Metadata