This does not look safe/clean to me:
$form['hfs_header']['scripts'] = [
'#type' => 'textarea',
'#title' => $this->t('Insert the Main Script Tag from CookiePro here. Remove the comments at the start and end of the script and then save the configuration.'),
'#default_value' => isset($header_section['scripts']) ? $header_section['scripts'] : '',
'#rows' => 10,
];
It shoudl instead ask for the UUID from OneTrust and generate the script in a safer, controlled way
Needs work
1.0
Documentation
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.