docker-rocker
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill demonstrates a strong security posture by incorporating hardening techniques such as multi-stage builds to minimize image size and attack surface, and the use of non-root users in runtime stages.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were found. The skill includes explicit warnings against copying .env files or hardcoding secrets, recommending the use of environment variables and Docker secrets instead.
- [EXTERNAL_DOWNLOADS]: External resources are restricted to trusted, well-known official images (Python) and tools (astral-sh/uv) from reputable registries. No suspicious remote code execution or untrusted downloads were detected.
- [COMMAND_EXECUTION]: Shell scripts provided for building, testing, and scanning images use standard Docker CLI commands. These scripts are well-documented and do not involve the execution of arbitrary or obfuscated strings.
- [PROMPT_INJECTION]: The skill maintains strict instructional boundaries, focusing on automation and analysis of project structures without any patterns indicating attempts to bypass safety filters or extract system prompts.