orbstack-best-practices
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The file consists entirely of Markdown documentation and command examples for the OrbStack utility.
- [PRIVILEGE_MANAGEMENT] (LOW): Documentation includes instructions for accessing VMs as root (`orb -u root`) and configuring passwordless sudo in cloud-init. These are legitimate features of the tool being documented and are presented in a technical context.
- [DATA_EXPOSURE] (LOW): The skill identifies paths to sensitive files, such as the OrbStack SSH private key (`~/.orbstack/ssh/id_ed25519`) and Docker configuration. This information is provided for setup purposes and does not contain logic to exfiltrate these credentials.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill facilitates interaction with external environments (VMs and containers). This creates an ingestion surface for untrusted data, though the skill itself does not provide unsafe interpolation or sanitization bypasses.
  - Ingestion points: Interactions with Linux VMs and Docker containers via `orb` and `docker` commands.
  - Boundary markers: Not applicable to static documentation.
  - Capability inventory: Subprocess execution via `orb` and `mac` commands, file read/write via `orb push/pull`.
  - Sanitization: None specified in the documentation, as it is a guide for tool usage.
Audit Metadata