rhdh-catalog-index
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes several command-line tools including skopeo, tar, jq, and python3 to manage OCI images and extract their contents. These operations are restricted to local temporary directories and used for inspection purposes.
- [EXTERNAL_DOWNLOADS]: The skill downloads OCI images and metadata from quay.io and ghcr.io. These are well-known container registries used for distributing official software components.
- [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was detected. The skill uses network operations to fetch metadata and images from reputable sources.
- [PROMPT_INJECTION]: The skill processes content from external OCI images, which introduces a potential attack surface for indirect prompt injection.
  - Ingestion points: Data is ingested from the local package.json file and remote OCI image artifacts (layers and annotations).
  - Boundary markers: The skill does not define specific delimiters or include instructions for the agent to ignore potential instructions embedded within the extracted YAML or metadata.
  - Capability inventory: The skill allows the execution of system commands (skopeo, tar, python3) and filesystem writes to temporary directories.
  - Sanitization: Structural validation is provided via JSON and YAML parsing, but the skill lacks semantic sanitization of the values retrieved from external registries.
Audit Metadata