rhdh-local

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to orchestrate container operations via podman or docker. Analysis of rhdh_local/compose.py reveals that commands are constructed as lists from hardcoded components and boolean-driven flags, avoiding shell injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The scripts/fetch-plugin-metadata.py script retrieves plugin definitions and OCI metadata from the author's own GitHub repository (redhat-developer/rhdh-plugin-export-overlays). This functionality is limited to fetching structured YAML data used to configure the local development environment.
  • [SAFE]: The restoration logic in rhdh_local/backup.py implements thorough validation for archive extractions. It explicitly checks for absolute paths and parent directory traversals (..) in tarball members and ensures that all files remain within the designated workspace root before extraction.
  • [CREDENTIALS_UNSAFE]: The tool manages sensitive configuration files like .env. It correctly identifies these as sensitive assets, ensuring they are excluded from version control via .gitignore patterns and providing clear warnings to the user when they are included in backups.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 10:49 AM