drupal-update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The skill explicitly fetches release notes via scripts/fetch_changelog.php from drupal.org and parses composer outdated/show JSON for drupal/* package metadata—both public, third‑party/user-generated sources that the agent is expected to read and interpret as part of its workflow, which can enable indirect prompt injection.