typo3-core-contributions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow explicitly requires fetching and reading untrusted, user-generated content from public services — e.g., Forge issues at https://forge.typo3.org, Gerrit reviews at https://review.typo3.org (including fetching patchsets via refs/changes/), and GitLab CI job logs at https://git.typo3.org/typo3/CI/cms/-/jobs/ — which the agent is instructed to read and act on to determine fixes and next actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The documentation instructs fetching and installing an executable Git hook at runtime via curl from https://review.typo3.org/tools/hooks/commit-msg (curl ... > .git/hooks/commit-msg && chmod +x), which downloads remote code that will be executed locally and is relied upon by the workflow to generate/validate Change-Id, meeting the criteria for a risky runtime external dependency.