typo3-seo

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install TYPO3 extensions using Composer (e.g., typo3/cms-seo, brotkrueml/schema). The typo3/cms-seo extension is an official core component from a well-known organization.
  • [EXTERNAL_DOWNLOADS]: Includes a configuration for Google Analytics, which fetches a remote script from Google's Tag Manager (googletagmanager.com). This is a standard practice for web analytics.
  • [COMMAND_EXECUTION]: Provides standard CLI commands for TYPO3 development environments (using ddev) to manage packages and extension state, such as ddev composer require and ddev typo3 extension:setup.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface.
  • Ingestion points: Data is pulled from TYPO3 page properties (page:description) and record fields (e.g., tx_news_domain_model_news) into meta tags and structured data.
  • Boundary markers: Data is interpolated into TypoScript meta objects and Fluid ViewHelpers (<f:page.meta>).
  • Capability inventory: The skill configures SEO metadata and JSON-LD structured data which are rendered in the site's HTML header.
  • Sanitization: The skill proactively recommends security best practices, such as using htmlSpecialChars = 1 for meta tags and json_encode for structured data to prevent broken markup or injection.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:03 AM
Security Audit — agent-trust-hub — typo3-seo