SAIL / Operate - Safe Execution Environment - Sandbox

6.3 Dynamic/On-the-Fly Dependency Injection

Risk

Description

The agent fetches and loads plugins, libraries, or code packages at runtime, so code that was never part of the reviewed build executes with the agent's privileges. This introduces supply-chain, malware, and licensing risks.

Example

The agent installs a PyPI package at runtime that contains a backdoor, or that carries a license the deployment cannot comply with.

Assets Affected
  • Agentic platform (no code)
  • Tool / function
  • Coding agent (config)

Mitigation
  • Disable or tightly control dynamic loading of code/dependencies: deny package-manager and network egress from the sandbox by default, and expose installation only through a mediated tool the agent cannot bypass
  • Use pre-approved allowlists pinned to exact versions (and to artifact hashes where the ecosystem supports it, e.g. pip's --require-hashes mode), so a typosquatted or freshly published package cannot satisfy the policy
  • Scan dependencies for vulnerabilities and license compliance before they enter the allowlist, not after the agent has already loaded them
  • Monitor and log all installation attempts, including denied ones; a run of requests for unlisted packages is a signal of prompt injection or a compromised task
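As an added example (not SAIL's own code or tooling), the Python gate below implements the allowlist, artifact-verification and audit points above for an agent's package-install tool: only exact `name==version` pins that appear on a reviewed allowlist are approved, the fetched artifact is hashed against the allowlist entry before it may be used, and every attempt is recorded whether or not it was allowed. The allowlist contents, the stand-in wheel bytes and the package names are constructed for illustration; `ALLOWLIST`, `evaluate_install` and the other identifiers are hypothetical, not an interface of any real agent platform.

```python
import hashlib
import json
import re
import time
from typing import Optional

# Constructed stand-in for a downloaded wheel. A real gate hashes the file
# pip fetched (or hands the approved pin to `pip install --require-hashes`).
WHEEL_BYTES = b"constructed stand-in for requests-2.31.0-py3-none-any.whl"

# Pre-approved allowlist: normalized name -> exact version -> sha256 of the
# artifact. Built from constructed data here; in practice a reviewed file
# owned by the platform team and not writable from inside the sandbox.
ALLOWLIST = {
    "requests": {"2.31.0": hashlib.sha256(WHEEL_BYTES).hexdigest()},
}

# Only `name==version` is accepted. Ranges, extras, URLs, git+ specs, local
# paths and index overrides fail this pattern: those are exactly the channels
# an agent (or a prompt injection steering it) would use to pull unreviewed code.
_PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([A-Za-z0-9.!+]+)\s*$")

AUDIT_LOG = []  # every attempt, allowed or denied, is appended here


def normalize_name(name: str) -> str:
    """PEP 503 normalization: Requests / requests / REQUESTS compare equal and
    '-', '_' and '.' runs collapse to a single '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pin(spec: str):
    """Return (normalized_name, version) for an exact pin, else None."""
    m = _PIN_RE.match(spec)
    if not m:
        return None
    return normalize_name(m.group(1)), m.group(2)


def evaluate_install(spec: str, artifact: Optional[bytes]) -> dict:
    """Decide whether the agent's install request may proceed and log it.

    `artifact` is the bytes of the package file already downloaded by the
    mediating tool (None if nothing was fetched yet)."""
    pin = parse_pin(spec)
    if pin is None:
        decision = {"allowed": False, "reason": "not pinned to an exact version"}
    else:
        name, version = pin
        approved = ALLOWLIST.get(name, {})
        if version not in approved:
            # Covers unknown names (typosquats) and unapproved versions alike.
            decision = {"allowed": False, "reason": "not on allowlist"}
        elif artifact is None:
            decision = {"allowed": False, "reason": "no artifact to verify"}
        elif hashlib.sha256(artifact).hexdigest() != approved[version]:
            # Right name and version but different bytes: mirror compromise,
            # tampering in transit, or a re-uploaded release.
            decision = {"allowed": False, "reason": "artifact hash mismatch"}
        else:
            decision = {"allowed": True, "reason": "pinned, allowlisted, hash verified"}
    # Denied attempts are the interesting ones for detection, so log all of them.
    AUDIT_LOG.append({"ts": time.time(), "spec": spec, **decision})
    return decision


def audit_jsonl() -> str:
    """Audit trail as JSON Lines, ready to ship to the SIEM."""
    return "\n".join(json.dumps(record) for record in AUDIT_LOG)


if __name__ == "__main__":
    for spec, blob in [
        ("requests==2.31.0", WHEEL_BYTES),   # approved
        ("Requests==2.31.0", WHEEL_BYTES),   # same package, name normalized
        ("requests==2.31.0", b"tampered"),   # hash mismatch
        ("requests>=2.0", None),             # not pinned
        ("reqeusts==2.31.0", WHEEL_BYTES),   # typosquat, not on allowlist
        ("git+https://example.invalid/r.git", None),  # arbitrary source
    ]:
        print(spec, "->", evaluate_install(spec, blob))
    print(audit_jsonl())
```

The gate belongs outside the agent's sandbox, on the side that actually has network and package-manager access, so the agent cannot simply call pip itself; once a request is approved, passing the pin and hash to pip's `--require-hashes` mode makes the installer enforce the same check a second time.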
Standards Mapping
  • ISO 42001: A.10.3, A.6.2.6
  • OWASP Top 10 for LLM: LLM03
  • NIST AI RMF: GOVERN 6.1, MANAGE 3.1
  • DASF v2: MODEL 7.3, ALGORITHMS 5.4