Affected script: "install-scripts:post-install-cmd"
The script installs a PHP package using phive, a tool for managing PHP packages. It passes the flag --force-accept-unsigned and the flag --trust-gpg-keys followed by various keys, so the installation is forced even if the packages are unsigned or signed with keys that were not originally trusted. This bypasses an important security measure designed to ensure that only trusted, verified packages are installed, and could lead to the installation of malicious software.
sitepark/github-composer-release-test's direct dependencies. Data on all dependencies, including transitive ones, is available via CSV download.