typo3-workspaces
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides high-quality technical documentation for TYPO3 Workspaces, adhering to official platform conventions and security guidelines.
- [DATA_EXFILTRATION]: The skill includes a dedicated section warning about the 'Predictable Filename Security Problem' in TYPO3's File Abstraction Layer (FAL).
- Identifies that files uploaded in a workspace are physically accessible via guessed URLs before publication.
- Provides several valid security workarounds, such as using non-guessable filenames, private storage, or the 'secure_downloads' extension.
- [COMMAND_EXECUTION]: The skill provides standard command-line instructions for installing dependencies and managing TYPO3.
- Includes
composer require typo3/cms-workspacesandbin/typo3CLI commands. - Includes SQL setup scripts with clear warnings that they are intended for local development (DDEV) use only.
- [REMOTE_CODE_EXECUTION]: All referenced software packages are official or standard components within the TYPO3 ecosystem.
- References
typo3/cms-workspacesandtypo3/testing-framework. - No suspicious remote code execution patterns, such as piping network content directly to a shell, were found.
- [PROMPT_INJECTION]: The skill contains no instructions designed to bypass AI safety filters or override system behavior.
- Technical warnings labeled as 'CRITICAL' or 'WARNING' are appropriately used to highlight software limitations or environment-specific risks.
Audit Metadata