rhdh-local

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's enable-plugin workflow explicitly fetches plugin metadata from the public GitHub repository (see workflows/enable-plugin.md Step 1) using scripts/fetch-plugin-metadata.py which reads raw files from raw.githubusercontent.com and the GitHub API, so untrusted third‑party repo content is parsed and used to decide package OCI references and configuration that the tool will apply.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill runs scripts at runtime (scripts/fetch-plugin-metadata.py) that fetch plugin metadata from GitHub (https://api.github.com/repos/redhat-developer/rhdh-plugin-export-overlays/contents/... and https://raw.githubusercontent.com/redhat-developer/rhdh-plugin-export-overlays/main) and uses that fetched YAML to determine package OCI references and drive the "enable plugin" workflow, so external content directly controls what the skill will instruct the user to add (and which artifacts to enable).