typo3-content-blocks
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the 'friendsoftypo3/content-blocks' extension via Composer. This is a well-known and widely used community extension within the TYPO3 ecosystem. It also references vendor-specific forks from the 'webprofil' organization for v14 compatibility, which aligns with the author's stated development stack.
- [COMMAND_EXECUTION]: The instructions include standard TYPO3 and DDEV CLI commands (e.g., 'ddev typo3 make:content-block', 'ddev typo3 cache:flush') for extension management and development. These are expected for the skill's purpose.
- [PROMPT_INJECTION]: No patterns of behavior overriding or instruction bypass were detected. The skill uses instructional language consistent with technical documentation.
- [DATA_EXFILTRATION]: No suspicious network operations or sensitive file access patterns were found. The skill correctly identifies common sensitive paths and provides an .htaccess snippet to protect them from public access.
- [INDIRECT_PROMPT_INJECTION]: The skill describes processing user-supplied content elements via Fluid templates. It adheres to TYPO3 security standards by using Fluid's default auto-escaping and 'f:format.html' (lib.parseFunc) for safe processing of rich text content.
Audit Metadata