SAIL 2.0

/

Operate - Safe Execution Environment - Sandbox

/

Dynamic / On-the-Fly Dependency Injection

6.3

.

Dynamic / On-the-Fly Dependency Injection

sail
6.3
Risk

Dynamic / On-the-Fly Dependency Injection

Description

Agent fetches/loads plugins, libraries, or code packages during execution, introducing supply chain, malware, or licensing risks.

Example

Agent installs a PyPI package at runtime that contains a backdoor or violates software license.

Assets Affected

Agentic Platform

Agent Config

Tool

Mitigation
  • Disable or tightly control dynamic loading of code/dependencies
  • use pre-approved allowlists
  • scan dependencies for vulnerabilities and license compliance
  • monitor and log all installation attempts.
Standards Mapping
  • ISO: A.10.3, A.6.2.6
  • OWASP agentic: ASI04, ASI05
  • OWASP LLM: LLM03:2025
  • EU AI Act: Art. 25, Art. 15(5)
  • DASF: Algorithms 5.4, Agents-MCP Server 13.21
  • AIUC-1: E006, B006