dockerfile-validator

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read and print Dockerfile contents (sed), run grep that will surface matching secret/token lines, and produce code-level fixes without any redaction rules, so it can require emitting secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's explicit Fallback A instructs running docker build --no-cache -f "$TARGET_DOCKERFILE" "$DOCKERFILE_DIR", which will cause the Docker daemon to pull base images and execute any networked RUN/CURL commands in the Dockerfile (i.e., content from public registries or arbitrary URLs), meaning untrusted third‑party content can be fetched and influence validation/output.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The validator script will, at runtime, install and run external tooling (pip installs of hadolint-bin and checkov which fetch code from PyPI — e.g. https://pypi.org/project/hadolint-bin/ and https://pypi.org/project/checkov/ — and the fallback may pull/run the hadolint Docker image hadolint/hadolint from Docker Hub: https://hub.docker.com/r/hadolint/hadolint), which means remote code is fetched and executed as a required dependency.