typo3-docs
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/extract-extension-config.sh` uses `php -r` to execute code that includes the project's `ext_emconf.php` file. This constitutes dynamic execution of local project code from a computed path, which is a significant security consideration when analyzing code from unknown sources.
- [REMOTE_CODE_EXECUTION]: The automated documentation workflow involves the dynamic loading and execution of PHP files from the local project directory. This mechanism creates a potential vector for arbitrary code execution if the skill is applied to a malicious repository.
- [EXTERNAL_DOWNLOADS]: The skill integrates with external resources to facilitate documentation rendering and metadata retrieval. It pulls a Docker image from the trusted `ghcr.io/typo3-documentation` registry and communicates with GitHub and GitLab APIs. These operations are conducted with well-known, trusted services.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Extraction scripts, such as `scripts/extract-php.sh` and `scripts/extract-extension-config.sh`, do not sanitize data extracted from project files before embedding it into internal JSON reports. Content containing double quotes or other control characters could disrupt the JSON structure or inject unintended data fields that might influence the AI agent's reasoning.
  - Ingestion points: PHP class files, `ext_emconf.php`, and `ext_conf_template.txt` in the analyzed project.
  - Boundary markers: Data is stored in JSON files, but lacks proper character escaping in the construction scripts.
  - Capability inventory: Subprocess execution for Docker and PHP, file system writes, and network access via GitHub/GitLab CLIs.
  - Sanitization: Largely absent in the scripts responsible for generating the JSON data from PHP and configuration sources.