create-backend-plugin

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes a Python script (scripts/scaffold.py) that automates the creation of a Backstage application and plugin by executing npx and yarn commands. These commands are executed using subprocess.run with argument lists rather than a shell string, so arguments are not interpreted by a shell; this is a secure practice for process management.
  • [EXTERNAL_DOWNLOADS]: During the scaffolding process, the skill downloads official packages and CLI tools from the npm registry, such as @backstage/create-app and @red-hat-developer-hub/cli. These are legitimate resources required for the intended development workflow.
  • [SAFE]: Technical analysis of the automation scripts confirms that user-provided inputs, such as the plugin identifier, are validated against strict regular expressions to prevent command injection. No patterns of data exfiltration, obfuscation, or unauthorized persistence were detected.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 6, 2026, 10:49 AM