containerization-assistant
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill analyzes user project files and requirements to generate custom Docker and Kubernetes configurations, creating a surface for indirect prompt injection.
  * Ingestion points: The project analysis workflow (SKILL.md) reads user-provided application stacks and requirements.
  * Boundary markers: Absent; no specific delimiters or safety instructions are defined to separate untrusted project data from configuration logic.
  * Capability inventory: The skill generates Dockerfiles and manifests that are intended to be executed via 'docker build' and 'kubectl apply'.
  * Sanitization: No explicit sanitization or validation of project metadata is mentioned in the workflow.
- [COMMAND_EXECUTION]: Provides templates and instructions for executing container management commands including 'docker build', 'docker run', 'docker-compose up', and 'kubectl apply'.
- [EXTERNAL_DOWNLOADS]: Dockerfile templates pull official base images and dependencies from well-known services such as Docker Hub, npm, and PyPI.
Audit Metadata