The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes Python scripts, scaffold.py and export-plugin.py, which utilize the subprocess module to execute development commands such as yarn, npx, and container management tools (podman or docker). These operations are the primary intended functionality of the skill to facilitate plugin development.
[REMOTE_CODE_EXECUTION]: The automation scripts leverage npx to dynamically fetch and run official developer tools, specifically @backstage/create-app and @red-hat-developer-hub/cli. These resources originate from trusted organizations (Red Hat and Backstage) and are required for the RHDH plugin lifecycle.
[PROMPT_INJECTION]: The wiring command documentation involves the agent analyzing local source code files like package.json and src/plugin.ts. While this presents a surface for indirect prompt injection, it is a low-risk inherent characteristic of code-analysis tasks and no malicious patterns were observed.
[SAFE]: The author redhat-developer and the utilized resources are consistent with the official Red Hat Developer Hub ecosystem. No indicators of data exfiltration, obfuscation, or persistence were found.

create-plugin