docker-dev-env-php
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a specialized CLI tool, orodc, to perform environment management tasks, including starting containers (orodc up), managing proxies (orodc proxy), and executing application-specific commands such as cache clearing or database exports.
- [EXTERNAL_DOWNLOADS]: Instructions are provided to install the orodc tool via Homebrew from the author's repository (digitalspacestdio/docker-compose-oroplatform). This is a vendor-owned resource.
- [CREDENTIALS_UNSAFE]: The skill documents default administrative credentials (e.g., 12345678, $ecretPassw0rd, and oro/oro) for local development environments to facilitate testing and initial setup.
- [PROMPT_INJECTION]: The skill utilizes the orodc agents command to fetch CMS-specific guidance and coding rules, which introduces a surface for indirect prompt injection if the project-level documentation or markers are manipulated.
  - Ingestion points: orodc agents command output and project root markers like composer.json.
  - Boundary markers: None identified in the skill instructions.
  - Capability inventory: Includes subprocess execution via orodc, file system interaction through Docker, and database management commands.
  - Sanitization: No explicit sanitization or validation of the fetched guidance is described.