typo3-extension-upgrade

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the user to execute local development commands using ddev, git, composer, and various static analysis tools (vendor/bin/rector, vendor/bin/phpstan). These are standard operations for PHP and TYPO3 development and are performed within the user's local environment.
  • [EXTERNAL_DOWNLOADS]: The instructions reference standard PHP packages (e.g., ssch/typo3-rector, a9f/typo3-fractor) to be installed via Composer. These are well-known and widely used community tools for TYPO3 migrations.
  • [REMOTE_CODE_EXECUTION]: No remote code execution patterns were found. All script executions involve locally installed binaries and project-specific configuration files.
  • [DATA_EXFILTRATION]: No network operations or attempts to access sensitive system files (like SSH keys or environment variables) were detected.
  • [PROMPT_INJECTION]: The skill does not contain instructions that attempt to override agent behavior or bypass safety filters. It uses natural instructional language relevant to software development.
  • [INDIRECT_PROMPT_INJECTION]: Although the skill processes and transforms code, which could theoretically contain instructions, the attack surface is limited to established static analysis tools (Rector, Fractor), and the skill itself contains no vulnerable interpolation of untrusted data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 09:35 PM