typo3-solr
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides authoritative guidance based on official documentation. Code examples for PHP and JavaScript follow standard TYPO3 extension development practices and security principles.
- [REMOTE_CODE_EXECUTION]: Automated scanners flagged several commands where curl output is piped to python3. Manual inspection confirms these are safe debugging commands that use 'python3 -m json.tool' to format JSON responses from a local Solr instance. They do not execute remote content as code.
- Evidence in SKILL.md: 'ddev exec curl -s http://solr:8983/solr/core_en/admin/ping | python3 -m json.tool' and similar diagnostic commands.
- [COMMAND_EXECUTION]: Includes instructions for using CLI tools (curl, composer, ddev) to manage local infrastructure. These operations are restricted to the local development environment or internal network services (e.g., solr:8983, tika:9998).
- [EXTERNAL_DOWNLOADS]: References official software repositories and documentation from trusted organizations (Apache, TYPO3, DDEV). No downloads from untrusted or high-risk third-party sources were identified.
- [PROMPT_INJECTION]: Evaluated for indirect prompt injection vulnerability with a low risk profile.
- Ingestion points: The skill ingests user search queries and indexes content from TYPO3 records and files (PDF, DOCX) via EXT:solr and EXT:tika.
- Boundary markers: Relies on standard TYPO3 indexing logic; specific LLM boundary markers are not explicitly defined in the technical setup.
- Capability inventory: The skill facilitates search indexing and retrieval but does not expose arbitrary command execution or file system access to the search input.
- Sanitization: Employs the 'SOLR_CONTENT' object to sanitize indexed data by stripping HTML and RTE formatting.
Audit Metadata