typo3-typoscript-ref

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill contains a script (fetch-docs.sh) that retrieves documentation content from official TYPO3 organizations on GitHub (TYPO3-Documentation and TYPO3). These are well-known, trusted sources, and the downloads are restricted to documentation files (.rst) for the purpose of maintaining a local reference cache.
  • [COMMAND_EXECUTION]: The skill provides utility scripts (lookup.sh, detect-version.sh) used for searching documentation and identifying the current project's TYPO3 version. These scripts are implemented securely, utilizing environment variables to pass data to nested Python calls, which prevents shell injection vulnerabilities.
  • [DATA_EXPOSURE]: No sensitive data exposure was detected. The scripts read public configuration files like composer.json to assist with version-aware development suggestions. Hardcoded credentials or secrets were not found.
  • [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override AI safety filters or manipulate the agent's core behavior. Instead, it provides constructive instructions for code review and best practices, including a dedicated security reference that teaches the agent how to identify and prevent XSS in Fluid templates.
Audit Metadata
Risk Level: SAFE
Analyzed: May 7, 2026, 08:34 PM
Security Audit — agent-trust-hub — typo3-typoscript-ref