docker-essentials
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides instructions for `docker run` and `docker exec`. These commands allow the agent to execute any command inside a container. Since Docker often runs with root-level privileges or has access to the host file system via flags like `-v` (volume mounting), this can lead to host-level compromise.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Commands such as `docker pull` and `docker build` download container images and layers from remote registries. These images contain executable code and configurations from external sources that are not verified by the skill itself.
- [REMOTE_CODE_EXECUTION] (HIGH): The combination of `docker pull` followed by `docker run` constitutes a download-and-execute pattern (Category 4). This allows the execution of untrusted remote code on the local environment within the container's context.
- [CREDENTIALS_UNSAFE] (LOW): The Postgres workflow example in `SKILL.md` uses `POSTGRES_PASSWORD=secret`. While intended as a placeholder, it demonstrates an insecure pattern of hardcoding credentials in environment variables, which could be leaked in process lists or logs.
- [PROMPT_INJECTION] (HIGH): (Category 8) High Indirect Prompt Injection vulnerability. The skill enables the agent to process external data (Dockerfiles, Docker Compose YAMLs) and take high-impact actions (building and running code). No boundary markers or sanitization steps are mentioned to prevent a malicious Dockerfile from overriding agent instructions or exfiltrating data via volume mounts or network requests.
Recommendations
- AI detected serious security threats
Audit Metadata