typo3-powermail
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted user data via TYPO3 Powermail forms, which is then processed by finishers with broad capabilities such as writing to arbitrary database tables or posting to external APIs. This creates an inherent surface for indirect prompt injection. Ingestion points: Web-based form submission fields described in SKILL.md and SKILL-EXAMPLES.md. Boundary markers: None explicitly implemented to isolate user content from system instructions in automated agent workflows. Capability inventory: Writing to database tables (SaveToAnyTableFinisher) and transmitting data to external endpoints (SendParametersFinisher). Sanitization: Standard Powermail validation and spam protection are mentioned but are not designed to mitigate adversarial prompt injection targeting AI agents.
- [SAFE]: External extension dependencies (in2code/powermail) are sourced from well-known official vendors in the TYPO3 ecosystem.
- [SAFE]: Hardcoded configuration values in examples, such as API keys and URLs, are clearly identifiable as non-functional placeholders.
Audit Metadata