docker-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The utility script scripts/docker_helper.sh facilitates interaction with the Docker daemon, offering commands to open interactive shells in containers (open_shell), restart containers (restart_container), and manage volume backups using transient containers.
- [DATA_EXFILTRATION]: The show_env function in scripts/docker_helper.sh retrieves and displays all environment variables for a specified container. This capability can be used to expose sensitive information, such as API keys or database credentials, if they are stored in the container's environment.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from container environments.
  - Ingestion points: Container logs via view_logs, container metadata via inspect_container, and process lists via show_processes in scripts/docker_helper.sh.
  - Boundary markers: No delimiters or instructions are provided to the agent to ignore potentially malicious content within these data streams.
  - Capability inventory: The skill has broad capabilities to execute commands, modify container states, and interact with the host file system (backups) through scripts/docker_helper.sh.
  - Sanitization: There is no evidence of sanitization or validation of the data retrieved from containers before it is processed by the agent.
Audit Metadata