The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/extract-extension-config.sh dynamically executes the project's ext_emconf.php file using php -r "include ...;". This pattern of executing code from the directory being analyzed represents a medium-severity risk if the target project contains malicious code.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by extracting content from untrusted project files (such as PHP docblocks and Markdown files) and presenting it to the agent in reports like ANALYSIS.md without sanitization.
Ingestion points: PHP files in Classes/, README.md, CHANGELOG.md, and ext_conf_template.txt.
Boundary markers: None identified in the generated JSON data or analysis reports to delimit extracted content.
Capability inventory: The skill has access to shell execution (php, docker, sed, grep), file read/write, and network access (via gh and glab CLI tools).
Sanitization: No filtering or escaping of extracted content is performed before it is interpolated into reports for the agent.
[EXTERNAL_DOWNLOADS]: The skill references and pulls the official TYPO3 documentation rendering image ghcr.io/typo3-documentation/render-guides:latest via Docker. This is a trusted source and is considered safe under the trust scope rule.

typo3-docs