rhdh-catalog-index

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and inspects public OCI images (e.g., quay.io/rhdh/plugin-catalog-index and ghcr.io/... plugin images) and parses package YAML and the io.backstage.dynamic-packages annotation from those images as part of its workflow, so untrusted third-party content is read and used to build dynamic-plugins.yaml and drive actions.