container-scanning

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL; REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • Remote Code Execution (CRITICAL): The skill provides commands that download scripts from the internet and execute them by piping the download straight into a shell. Evidence: curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh and curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh. These GitHub organizations (aquasecurity and anchore) are not in the pre-approved trusted source list.
  • Indirect Prompt Injection (MEDIUM): Vulnerability surface detected.
      1. Ingestion points: Image names, remote container images, and local filesystem manifests.
      2. Boundary markers: None present.
      3. Capability inventory: Execution of local scanning binaries and cloud provider CLI tools (AWS, Azure, GCloud).
      4. Sanitization: No sanitization logic provided for image metadata or scan results.
    This surface allows malicious image content to potentially influence the agent's decision-making process.
Recommendations
  • CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh, https://raw.githubusercontent.com/anchore/grype/main/install.sh - DO NOT USE
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 12:33 AM