diff --git a/collector/utils/extensions/DrupalWiki/DrupalWiki/index.js b/collector/utils/extensions/DrupalWiki/DrupalWiki/index.js
index 9ca62593..a4b20069 100644
--- a/collector/utils/extensions/DrupalWiki/DrupalWiki/index.js
+++ b/collector/utils/extensions/DrupalWiki/DrupalWiki/index.js
@@ -11,6 +11,8 @@ const {
 sanitizeFileName,
 writeToServerDocuments,
 documentsFolder,
+ normalizePath,
+ isWithin,
 } = require("../../../files");
 const { default: slugify } = require("slugify");
 const path = require("path");
@@ -312,10 +314,14 @@ class DrupalWiki {
 }
 const buffer = await attachmentResponse.arrayBuffer();
- const localFilePath = `${WATCH_DIRECTORY}/${fileName}`;
- require("fs").writeFileSync(localFilePath, Buffer.from(buffer));
+ const localFilePath = normalizePath(sanitizeFileName(path.resolve(WATCH_DIRECTORY, fileName)));
+ if (!isWithin(path.resolve(WATCH_DIRECTORY), localFilePath)) {
+ console.error(`[DrupalWiki Loader]: File name ${localFilePath} is not within the storage path ${path.resolve(WATCH_DIRECTORY)}`);
+ continue;
+ }
- await processSingleFile(fileName);
+ require("fs").writeFileSync(localFilePath, Buffer.from(buffer));
+ await processSingleFile(localFilePath);
 }
 } catch (err) {
 console.error(`Fetching/processing attachments failed:`, err);
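Review bot: On the new `localFilePath` line in the second hunk, `sanitizeFileName` is applied to the result of `path.resolve(WATCH_DIRECTORY, fileName)`, that is, to the whole absolute path rather than to the attachment name. The helper's body is not visible here, but if it strips path separators or other reserved characters, as file-name sanitizers usually do, it would mangle the directory part and the `isWithin` check would then reject legitimate attachments. Sanitizing the name before resolving keeps the containment check as the final gate: `const localFilePath = path.resolve(WATCH_DIRECTORY, normalizePath(sanitizeFileName(fileName)));`. `processSingleFile` now also receives the full path instead of the bare name, so it is worth confirming that it accepts that form. The enclosing method starts and ends outside the hunk.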