drupal-contrib-mgmt
Warn
Audited by Snyk on Mar 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's documentation and example scripts (e.g., SKILL.md, examples/find-and-apply-patch.sh, references/issue-queue-rss-feeds.md) explicitly instruct fetching and parsing public Drupal issue pages, RSS feeds, and patch files from drupal.org and git.drupalcode.org (user-generated/untrusted content) and then using those results to decide and apply patches/updates, so third-party content can directly influence tool actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill's example scripts and composer workflows fetch and apply remote patch files at runtime (e.g., https://www.drupal.org/files/issues/2024-06-15/audiofield-file-validator-3432063-12.patch), which are remote code artifacts the installation routinely downloads and applies as required dependencies, so they can change/execute code in the runtime environment.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).