image-management
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill provides commands such as `docker run --rm -it -v /var/run/docker.sock:/var/run/docker.sock wagoodman/dive:latest` and the Trivy scanning example. These commands pull external images and execute them with host socket access. A malicious image at these tags could use the mounted socket to take full control of the host machine.
- [COMMAND_EXECUTION] (HIGH): The skill is designed to have an agent execute powerful system-level commands (e.g., `docker rmi -f`, `docker build`). If the agent processes untrusted input to determine image names or build paths, it is vulnerable to command injection or system disruption.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The instructions encourage pulling images from various remote sources (`docker pull nginx`, `docker pull registry.example.com/myapp`). Without Docker Content Trust (DCT) or specific digest pinning (SHA256), the agent is susceptible to pulling poisoned or malicious images.
- [CREDENTIALS_UNSAFE] (LOW): Includes instructions for `docker login` and `htpasswd` generation. While no secrets are hardcoded, these workflows handle sensitive credentials that could be exposed if the command history or environment is not secured.
Recommendations
- AI detected serious security threats
Audit Metadata