drupal-contrib-mgmt
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill includes instructions to generate full database dumps using
drush sql:dump > backup-before-update.sql. This action creates a file containing all application data, including users and configurations, within the workspace, which could lead to unauthorized exposure if the file is not properly secured.- [COMMAND_EXECUTION]: The skill provides multiple example shell scripts that modify configuration files (cat >> composer.json), perform file system operations (rm -rf,ln -s), and execute system commands to manage dependencies, git repositories, and patches.- [EXTERNAL_DOWNLOADS]: The skill fetches content from external URLs ondrupal.org, such as patch files (.patch) and RSS feeds for issue tracking. These are then used for code updates or information processing by the agent. Whiledrupal.orgis a well-known service, these downloads represent a significant attack surface.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. - Ingestion points: Data is ingested from
.info.ymlfiles,drush upgrade_statusoutput, and RSS feeds fromdrupal.org(references/issue-queue-rss-feeds.md). - Boundary markers: Absent. The skill provides no instructions to use delimiters or warnings when processing these external data streams.
- Capability inventory: The skill possesses significant capabilities including file system modification, network access via
curl, and package management viacomposeranddrush. - Sanitization: No validation or escaping is performed on the ingested content before it is processed by the agent.
Audit Metadata