openchoreo-platform-engineer
Warn
Audited by Socket on May 18, 2026
1 alert found:
Anomaly (LOW): resources/workflow-templates/containerfile-build.yaml
This module is not overtly malicious; it primarily functions as a privileged container build-and-package step. The primary security concerns are structural: (1) privileged execution, (2) build-time execution of Dockerfile logic via podman build using parameters that shape Dockerfile behavior (build-env/build-args) and select filesystem paths for the Dockerfile/context, and (3) shell-driven command construction with limited quoting/escaping, making upstream parameter trust and validation critical. Integrity risks also exist due to unpinned tool image tags used to run jq and Podman runner utilities.
Confidence: 60%
Severity: 67%
Audit Metadata