atmos-devcontainer
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the `atmos devcontainer exec` and `shell` commands, which allow for the execution of arbitrary commands within managed containers.
  - Evidence: Examples show execution of commands like `terraform plan` and `aws sts get-caller-identity` inside the container.
- [CREDENTIALS_UNSAFE]: The documentation includes configuration templates that demonstrate mounting sensitive host directories into containers.
  - Evidence: Mount specifications in `SKILL.md` include bind mounts for `${HOME}/.aws` and `${HOME}/.ssh`, which expose host credentials to the container environment.
- [EXTERNAL_DOWNLOADS]: The tool is designed to download container images from external registries.
  - Evidence: Configuration examples reference the `cloudposse/geodesic` image and support custom images via the `image` or `build.dockerfile` fields.
- [PROMPT_INJECTION]: The tool's ingestion of configuration files (`atmos.yaml`, `devcontainer.json`) represents an indirect prompt injection surface.
  - Ingestion points: The skill reads configuration from `atmos.yaml` and `.devcontainer/devcontainer.json` (via the `!include` tag).
  - Boundary markers: No explicit boundary markers or 'ignore' instructions for configuration data are mentioned.
  - Capability inventory: The tool can execute arbitrary commands, mount sensitive host files, and run privileged containers.
  - Sanitization: No evidence of input validation or sanitization for the configuration fields is provided in the documentation.
Audit Metadata