drupal-contrib-mgmt
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill repeatedly instructs the agent to fetch and parse untrusted public content (e.g., Drupal issue pages, RSS feeds, and patch/merge-request URLs on drupal.org and git.drupalcode.org such as https://www.drupal.org/node/... and https://www.drupal.org/files/issues/...), which the agent is expected to read and interpret as part of its workflow. Because that content is attacker-writable by anyone who can post to those channels, it is a channel for indirect prompt injection.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and applies remote patch files at runtime (for example via curl/composer), such as https://www.drupal.org/files/issues/2024-06-15/audiofield-file-validator-3432063-12.patch, which pulls external code into the runtime codebase and applies it without integrity verification. This meets the criteria for a risky, externally controlled runtime dependency.
Audit Metadata