typo3-security

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata contains an installation command that fetches the SKILL.md content from a GitHub repository using curl. This is a standard procedure for skill distribution and utilizes a well-known service.
  • [COMMAND_EXECUTION]: The documentation includes various shell commands for setting file permissions (chmod, chown) and removing installation flags (rm). These are intended as educational hardening steps and do not contain malicious logic or command injection vulnerabilities.
  • [SAFE]: The skill follows security best practices by recommending the use of QueryBuilder to prevent SQL injection, Fluid templates for XSS protection, and Argon2id for password hashing. Hardcoded placeholders for sensitive values like encryption keys are used correctly as instructions for the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 03:23 PM