typo3-seo
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install TYPO3 extensions using Composer (e.g.,
typo3/cms-seo,brotkrueml/schema). Thetypo3/cms-seoextension is an official core component from a well-known organization. - [EXTERNAL_DOWNLOADS]: Includes a configuration for Google Analytics, which fetches a remote script from Google's Tag Manager (
googletagmanager.com). This is a standard practice for web analytics. - [COMMAND_EXECUTION]: Provides standard CLI commands for TYPO3 development environments (using
ddev) to manage packages and extension state, such asddev composer requireandddev typo3 extension:setup. - [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface.
- Ingestion points: Data is pulled from TYPO3 page properties (
page:description) and record fields (e.g.,tx_news_domain_model_news) into meta tags and structured data. - Boundary markers: Data is interpolated into TypoScript meta objects and Fluid ViewHelpers (
<f:page.meta>). - Capability inventory: The skill configures SEO metadata and JSON-LD structured data which are rendered in the site's HTML header.
- Sanitization: The skill proactively recommends security best practices, such as using
htmlSpecialChars = 1for meta tags andjson_encodefor structured data to prevent broken markup or injection.
Audit Metadata