typo3-testing
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads official Docker images from GitHub Container Registry (
ghcr.io/typo3) and official package registries (NPM, PyPI, Packagist) for standard developer tools such as PHPUnit, PHPStan, and Playwright. - [COMMAND_EXECUTION]: The skill provides scripts like
runTests.shthat orchestrate containerized test environments. These scripts use proper security practices, such as user ID mapping (--user) to prevent filesystem permission issues, and are transparent in their operation. - [CREDENTIALS_UNSAFE]: Analysis found several credential-like patterns in test fixtures (e.g.,
assets/fixtures/be_users.csv). These are explicitly documented as placeholders for isolated test environments (e.g., password 'password') and do not represent real-world credential exposure. - [PROMPT_INJECTION]: The instructions for bypassing 'GitHub Push Protection' in
references/synthetic-secret-fixtures.mdare documented specifically for the legitimate purpose of testing secret-scanning software with synthetic data and do not attempt to bypass AI safety filters. - [DATA_EXFILTRATION]: Network operations are limited to checking service availability (
wget --spider) and validating GitHub Actions workflow references. No sensitive data access or transmission to unauthorized domains was detected.
Audit Metadata