docker_hub-automation
Fail
Audited by Gen Agent Trust Hub on Feb 14, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface for indirect prompt injection by combining external data ingestion with sensitive write capabilities. Ingestion points: DOCKER_HUB_GET_ORGANIZATION and DOCKER_HUB_LIST_REPOSITORIES ingest data from Docker Hub namespaces, including repository descriptions and full Markdown README content. Boundary markers: Absent; there are no instructions for the agent to treat fetched data as untrusted or to ignore embedded commands. Capability inventory: Includes high-privilege operations such as DOCKER_HUB_ADD_ORG_MEMBER (modifying access control) and DOCKER_HUB_CREATE_WEBHOOK (triggering external notifications). Sanitization: Absent; no validation or escaping of external content is specified before processing.
- [External Downloads] (MEDIUM): The skill requires connection to a third-party MCP server at https://rube.app/mcp. This domain is not included in the list of verified trusted sources, posing a risk regarding the integrity and origin of the tool definitions.
Recommendations
- AI detected serious security threats
Audit Metadata