export-and-package

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill runs the Red Hat Developer Hub CLI through npx to export and package the plugin; npx fetches the package from the npm registry at invocation time and executes it, which is the source of this category.
  • The package @red-hat-developer-hub/cli is the vendor's official utility for managing dynamic plugins.
  • Remote code execution is limited to this one legitimate developer tool, invoked as part of the intended build pipeline.
  • [COMMAND_EXECUTION]: The automation script scripts/export-plugin.py executes system commands to build and package software artifacts.
  • The script uses subprocess.run() with argument lists (no shell=True) to invoke yarn, npm, podman, docker, and npx.
  • Because no shell parses the command line, shell metacharacters such as ';', '&&' or '$(...)' in any argument cannot splice in extra commands; this removes shell injection, though a value that the invoked tool could read as an option is a separate concern a list alone does not address.
  • The script provides an option to clean build artifacts using shutil.rmtree, which is restricted to the local dist and dist-dynamic directories.
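The two patterns the audit credits, shown as an added example that is not code from scripts/export-plugin.py: an argv list for subprocess.run() compared with the shell string it avoids, and a clean step whose shutil.rmtree is confined to an allowlist of directories directly under the plugin root. The npx subcommand words ("plugin", "export"), the helper names and the temporary directory layout used by the demo are assumptions, not taken from the page.

```python
"""Added example (not code from scripts/export-plugin.py): the two patterns the
audit credits, written independently so they can be exercised offline.

Assumptions, not taken from the page: the npx subcommand words ("plugin",
"export"), the helper names, and the temporary directory layout used by the demo.
"""
import shlex
import shutil
import subprocess
import tempfile
from pathlib import Path

CLI = "@red-hat-developer-hub/cli"          # package the audit names
CLEAN_DIRS = ("dist", "dist-dynamic")       # the only directories clean() may delete


def build_command(plugin_name: str) -> list[str]:
    """argv for the export step, as a list for subprocess.run(..., shell=False).

    Because no shell parses the list, ';', '&&' or '$(...)' inside plugin_name
    reach npx as one literal argument. A list does NOT stop *argument*
    injection, so a value that could be read as an option is rejected.
    """
    if not plugin_name or plugin_name.startswith("-"):
        raise ValueError(f"refusing plugin name that looks like an option: {plugin_name!r}")
    return ["npx", CLI, "plugin", "export", plugin_name]   # subcommand words assumed


def build_shell_string(plugin_name: str) -> str:
    """The pattern the audit says the script avoids: a string a shell would parse."""
    return f"npx {CLI} plugin export {plugin_name}"


def shell_tokens(plugin_name: str) -> list[str]:
    """Approximate how /bin/sh would tokenise the interpolated string."""
    return shlex.split(build_shell_string(plugin_name))


def run_export(plugin_name: str, cwd: Path) -> subprocess.CompletedProcess:
    """Run the export the safe way; check=True turns a non-zero exit into an error."""
    return subprocess.run(build_command(plugin_name), cwd=cwd, check=True,
                          capture_output=True, text=True)


def clean_dir_target(plugin_root: Path, name: str) -> Path:
    """Resolve a clean target, refusing names outside the allowlist, symlinks,
    and anything that does not resolve to a direct child of plugin_root."""
    if name not in CLEAN_DIRS:
        raise ValueError(f"{name!r} is not one of {CLEAN_DIRS}")
    root = plugin_root.resolve()
    candidate = root / name
    if candidate.is_symlink():
        raise ValueError(f"{candidate} is a symlink; refusing to follow it")
    target = candidate.resolve()
    if target.parent != root or target.name != name:
        raise ValueError(f"{target} escapes {root}")
    return target


def clean(plugin_root: Path) -> list[str]:
    """Delete dist and dist-dynamic under plugin_root; return the names removed."""
    removed = []
    for name in CLEAN_DIRS:
        target = clean_dir_target(plugin_root, name)
        if target.is_dir():
            shutil.rmtree(target)
            removed.append(name)
    return removed


def demo_clean() -> dict:
    """Constructed layout: dist, dist-dynamic and src. Shows clean() removing the
    build dirs, keeping src, and refusing when dist-dynamic is a symlink to src."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for d in ("dist", "dist-dynamic", "src"):
            (root / d).mkdir()
            (root / d / "file.txt").write_text("x")
        removed = clean(root)
        kept = sorted(p.name for p in root.iterdir())

        # Second layout: a planted symlink pointing at a directory that must survive.
        (root / "dist").mkdir()
        (root / "dist-dynamic").symlink_to(root / "src")
        try:
            clean(root)
            refused = False
        except ValueError:
            refused = True
        src_intact = (root / "src" / "file.txt").exists()
    return {"removed": removed, "kept": kept, "refused": refused, "src_intact": src_intact}


if __name__ == "__main__":
    print(build_command("my-plugin"))
    print(shell_tokens("my-plugin; rm -rf /"))
    print(demo_clean())
```

The contrast is the whole point: with the list form the string `my-plugin; rm -rf /` stays one argv element, while the shell string would be tokenised into additional words. The clean helper pairs the directory allowlist with a symlink refusal and a parent check, since rmtree on a path that resolves outside the plugin root is the failure mode an allowlist by name alone does not cover.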
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 10:49 AM