docker-essentials
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the execution of arbitrary processes on the host and within containers using
docker run,docker exec, anddocker-compose exec.- [COMMAND_EXECUTION]: Instructions for volume mounting (-v /host/path:/container/path) allow containers to interact with the host filesystem, which can be abused for unauthorized data access or modification.- [COMMAND_EXECUTION]: The skill documents how to execute commands with root privileges inside containers (docker exec -u root), facilitating elevated access within container environments.- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from container environments, creating a surface for indirect prompt injection. - Ingestion points: Container logs (
docker logs), interactive command output (docker exec), and configuration metadata (docker inspect) (SKILL.md). - Boundary markers: No delimiters or safety instructions are provided to help the agent distinguish data from instructions.
- Capability inventory:
docker run,docker exec,docker build,docker-compose up,docker system prune(SKILL.md). - Sanitization: No sanitization or validation mechanisms are mentioned for processing external container data.
Audit Metadata