RHDH Backend Dynamic Plugin Bootstrap
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references official packages such as
@backstage/create-appand@red-hat-developer-hub/clivianpx. These are industry-standard tools for the Backstage and RHDH ecosystem. The use of specific versions in the compatibility matrix helps ensure deterministic and verifiable builds. - [COMMAND_EXECUTION] (SAFE): All command-line instructions provided (e.g.,
yarn build,podman push,npx plugin export) are standard for a developer workflow. The debugging instructions, while involving--inspect, are clearly scoped to local development environments. - [CREDENTIALS_UNSAFE] (SAFE): The skill correctly demonstrates best practices for secret management, using environment variable placeholders like
${DEPLOY_API_KEY}and referencing external configuration files like.npmrcorauth.jsonrather than embedding hardcoded credentials. - [REMOTE_CODE_EXECUTION] (SAFE): While the skill involves downloading and running CLI tools, these are sourced from established registries (npm) and are expected for the primary purpose of scaffolding a development project.
- [DATA_EXFILTRATION] (SAFE): No patterns of unauthorized data access or network requests to unknown domains were detected. Network operations are limited to container registries and package managers.
Audit Metadata