typo3-idea-extension-blog
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests untrusted data from external websites via tool-assisted fetching to research ideas and generate TYPO3 extension code and blog posts. Maliciously crafted content in these external sources could influence the agent's behavior during the code generation or publication process.
  - Ingestion points: External URLs fetched during the 'Research & Verify' phase in SKILL.md.
  - Boundary markers: Absent; external content is summarized and processed directly.
  - Capability inventory: File system writes for extension structure, shell command execution for Git operations, and network access for repository pushes.
  - Sanitization: No explicit sanitization or instruction-ignoring delimiters are specified for the processed content.
- [DATA_EXFILTRATION]: Credential Handling Risk. The skill workflow involves configuring Git authentication and remotes to push code to external repositories. Although the skill includes non-negotiable instructions to remove tokens and credentials immediately after use, their presence in the environment or configuration during the process poses a risk of exposure.
  - Evidence: Cleanup instructions found in the 'Non-Negotiables' and 'Push to GitHub' sections of SKILL.md.