typo3-testing
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes shell scripts (scripts/setup-testing.sh, scripts/generate-test.sh) and a complex test runner (assets/Build/Scripts/runTests.sh) that orchestrates Docker containers for testing. These scripts are standard developer utilities for TYPO3 environments and operate within expected project boundaries.
- [CREDENTIALS_UNSAFE]: Hardcoded default credentials and Argon2 password hashes were detected in test fixtures (assets/fixtures/be_users.csv) and CI configuration templates (assets/github-actions-e2e.yml). These values (e.g., 'password', 'Joh316!!') are explicitly documented as test-only defaults for local and CI environments and do not represent a production security risk.
- [EXTERNAL_DOWNLOADS]: The skill configures the download of Docker images from official repositories (GitHub Container Registry, Docker Hub) and installs Node.js/Composer packages from established registries (NPM, Packagist). These sources (e.g., ghcr.io/typo3/core-testing-php, mcr.microsoft.com/playwright) are well-known and trusted in the development community.
Audit Metadata