docker-extend
Warn
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses dynamic context injection (the
!syntax) inSKILL.mdto automatically execute shell commands likegrepandcatwhen the skill is loaded. These commands are used for environment discovery and file inspection without user intervention. - [DATA_EXFILTRATION]: The skill automatically reads the contents of
docker-compose.override.ymlandDockerfile.uservia shell commands during the load process. These files often contain sensitive information such as environment variables, local development credentials, or API tokens. This process silently harvests the file contents into the agent's prompt context. - [PROMPT_INJECTION]: The skill captures user-provided tool names from
$ARGUMENTSand interpolates them directly into a DockerfileRUNcommand block. The absence of sanitization or validation logic allows for indirect prompt injection, where a malicious user could provide input that adds arbitrary Dockerfile instructions or shell commands to the build process.
Audit Metadata