container-ops
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill provides instructions to read untrusted data from container logs and inspection metadata.
  1. Ingestion points: 'docker logs' and 'docker inspect' in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: Host command execution via 'docker run' and 'docker exec'.
  4. Sanitization: Absent.
- Privilege Escalation (LOW): Standard Docker operations like volume mounting and 'docker cp' allow interaction with the host filesystem, which is a high-privilege capability.