typo3-core-contributions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow and references (SKILL.md, references/forge-api.md, references/gerrit-workflow.md) explicitly instruct fetching and reading public Forge issue pages and Gerrit/GitLab CI logs (e.g., https://forge.typo3.org, https://review.typo3.org and linked CI job logs), which are untrusted user-generated web content that the agent is expected to interpret and which can materially influence actions like patch changes and CI-driven decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs users to download and install a Git hook via curl from https://review.typo3.org/tools/hooks/commit-msg (curl -o "$(git rev-parse --git-dir)/hooks/commit-msg" https://review.typo3.org/tools/hooks/commit-msg && chmod +x ...), which fetches remote executable code that will run as a commit hook—i.e., an external URL fetched during setup that executes code and is relied upon by the workflow.