dockerfile-generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill enforces security-hardened defaults in all generated Dockerfiles, such as mandatory non-root user configuration and the exclusion of sensitive files via a comprehensive .dockerignore template.
- [SAFE]: The generation scripts (e.g., generate_nodejs.sh, generate_python.sh) implement robust input sanitization through functions like escape_json_string and escape_sed_replacement, mitigating risks of shell or command injection when processing user-provided arguments.
- [SAFE]: The deterministic execution model requires a validation-iteration loop using tools like dockerfile-validator, hadolint, or checkov, ensuring that generated artifacts are audited for vulnerabilities and best practice violations before delivery.
- [SAFE]: No malicious patterns such as prompt injection, data exfiltration, persistence mechanisms, or unauthorized privilege escalation were identified in the skill instructions or supporting scripts.
- [SAFE]: External references and base images target well-known and trusted repositories (e.g., Docker Hub, GCR distroless, eclipse-temurin), and documentation lookups are prioritized through trusted internal contexts.
Audit Metadata