docker-architect

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (HIGH): High susceptibility to Indirect Prompt Injection during the template rendering process.
      ◦ Ingestion points: scripts/render_template.py ingests data from CLI arguments (--var), JSON files (--vars-file), and environment variables (DOCKER_ARCH_*).
      ◦ Boundary markers: None. Variables are directly interpolated into Dockerfile and Compose templates using the {{VAR}} syntax.
      ◦ Capability inventory: The skill is designed to execute docker build, docker run, and docker compose up --build on the resulting files via scripts/smoke_test_container.sh and scripts/smoke_test_compose.sh.
      ◦ Sanitization: Absent. There is no escaping or validation of variable values. An attacker-controlled variable (e.g., DEV_COMMAND) could inject arbitrary shell commands into the final container configuration.
  • [COMMAND_EXECUTION] (HIGH): The skill automates the execution of powerful container management commands using configurations generated from untrusted inputs.
      ◦ Evidence: scripts/smoke_test_container.sh and scripts/smoke_test_compose.sh wrap the docker and docker compose binaries, allowing the agent to launch containers and mount volumes (e.g., -v ./:/app in docker-compose.dev.yml) based on files created during the session.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:25 AM