containerization-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The script 'scripts/image-scanner.sh' is vulnerable to shell command injection. It uses an unvalidated positional argument directly in shell commands (e.g., 'docker image inspect "$image"'). If an agent passes unsanitized user input to this script, it could lead to arbitrary command execution on the host system.
- PROMPT_INJECTION (LOW): The skill exposes indirect prompt injection surfaces through its diagnostic scripts.
  - Ingestion points: 'scripts/dockerfile-linter.py' (line 21) and 'scripts/dockerfile-validator.py' ingest untrusted Dockerfile content for analysis.
  - Boundary markers: Absent. The output is generated as JSON or plain text without explicit delimiters to prevent the agent from obeying instructions embedded in the analyzed Dockerfiles.
  - Capability inventory: The skill can execute host commands via 'subprocess.run' (in 'scripts/image-optimizer.py') and shell scripts.
  - Sanitization: No sanitization is performed on the content of the Dockerfiles being analyzed.