RHDH Backend Dynamic Plugin Bootstrap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly documents loading dynamic plugins from arbitrary external sources (OCI images on quay.io, HTTP tgz URLs, and npm registries) via dynamic-plugins.yaml and packaging/hosting instructions (references/packaging-guide.md and examples/dynamic-plugins.yaml), which means the agent/environment will ingest untrusted third-party code/content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's dynamic-plugins configuration demonstrates runtime loading of external plugin packages (e.g., package: oci://quay.io//:v0.1.0 and package: https://plugin-registry.example.com/my-plugin-1.0.0.tgz) which RHDH fetches and executes as plugin code, so these URLs provide remote code that controls runtime behavior.