typo3-extension-upgrade
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill involves the execution of standard developer tools (rector, fractor, php-cs-fixer, phpstan, phpunit) for code migration, analysis, and testing. These commands are essential for the extension upgrade workflow and do not exhibit malicious behavior.\n- [EXTERNAL_DOWNLOADS]: The instructions reference official TYPO3 documentation and well-known community tools on GitHub (sabbelasichon/typo3-rector, andreaswolf/fractor), which are trusted resources within the TYPO3 ecosystem.\n- [PROMPT_INJECTION]: As the skill is designed to process external codebases, it possesses an attack surface for indirect prompt injection if malicious instructions are embedded in the target code.\n
- Ingestion points: PHP, TypoScript, XML, YAML, and Fluid source files in the extension being upgraded.\n
- Boundary markers: The instructions mandate running tools in dry-run mode and performing a manual review of all automated changes.\n
- Capability inventory: Local execution of code analysis, transformation tools, and test runners.\n
- Sanitization: Standard tool boundaries are relied upon; no additional sanitization is defined in the instructions.
Audit Metadata