Skills
skills/kadel/claude-plugins/RHDH Frontend Dynamic Plugin Bootstrap/Gen Agent Trust Hub

RHDH Frontend Dynamic Plugin Bootstrap

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): File references/frontend-wiring.md specifies instructions for fetching dynamic plugins from OCI registries (e.g., oci://quay.io/example/my-plugin). As the registry and packages are not from a pre-verified trusted source, this introduces a dependency risk.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The system architecture described in references/frontend-wiring.md and references/entity-page.md relies on dynamically loading and executing JavaScript modules (importName) from these external OCI packages at runtime.
  • [DATA_EXFILTRATION] (LOW): Code snippets in references/entity-page.md demonstrate fetching data based on entity metadata (e.g., fetchData(entity)), which could be leveraged to exfiltrate sensitive entity annotations if the destination is not controlled.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 16, 2026, 04:34 AM