typo3-conformance
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is functionally a static analysis toolkit. It contains legitimate shell scripts used to audit TYPO3 extensions for standards compliance. No suspicious or malicious code patterns were identified across any of the 40 files analyzed.
- [COMMAND_EXECUTION]: The skill provides several Bash scripts (e.g., scripts/check-architecture.sh, scripts/check-coding-standards.sh) that use standard Linux utilities such as grep, find, wc, jq, and sed to analyze project source code. These scripts perform safe static analysis and do not incorporate untrusted input into shell execution in a dangerous manner.
- [EXTERNAL_DOWNLOADS]: Reference files (e.g., references/ter-publishing.md, references/best-practices.md) recommend the use of official community tools and official Docker images (such as typo3/tailor and ghcr.io/typo3/core-testing-php). These references point to established, well-known services within the TYPO3 ecosystem and do not constitute a security risk.
- [PROMPT_INJECTION]: The markdown instructions in SKILL.md and reference files are purely technical and educational. They do not contain any patterns intended to bypass AI safety guardrails or manipulate the underlying agent's behavior.
- [CREDENTIALS_UNSAFE]: The skill documentation correctly identifies the risk of hardcoded secrets and provides patterns for encrypted storage of API keys in backend configuration (as seen in references/multi-tier-configuration.md). No hardcoded credentials were found in the skill itself.
Audit Metadata