rhdh-context

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly states RHDH will load dynamic plugins from third‑party sources listed in dynamic-plugins.yaml (OCI images such as quay.io, tgz archive URLs, and npm packages), and those plugins can override core services and API factories—meaning untrusted external content is ingested at runtime and can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly states that dynamic plugins are loaded at runtime from external OCI image URLs (e.g., oci://quay.io/org/plugin:v1.0.0!plugin-name-dynamic) and tgz/npm package URLs, which are fetched and executed as code by RHDH, so these runtime-fetched URLs can execute remote code.