caddy-reverse-proxy
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Instructions in
references/docker-patterns.mddescribe mounting the Docker socket (/var/run/docker.sock) into a container for thecaddy-docker-proxyplugin. This configuration grants the container full control over the host's Docker daemon, representing a privilege escalation risk. - [COMMAND_EXECUTION]: Documentation in
references/docker-patterns.mdandreferences/troubleshooting.mdsuggests the use ofsudofor administrative tasks such as modifying firewall rules (ufw) and inspecting network status (ss). - [EXTERNAL_DOWNLOADS]: The skill mentions downloading and building Caddy plugins from external GitHub repositories (e.g.,
github.com/caddy-dns/cloudflare) using thexcaddytool. - [PROMPT_INJECTION]: The configuration patterns exhibit an indirect prompt injection surface by interpolating environment variables directly into the Caddyfile without sanitization.
- Ingestion points: Environment variables (
{$DOMAIN},{$BACKEND}) used inreferences/caddyfile-syntax.mdandreferences/docker-patterns.md. - Boundary markers: None identified in the provided templates.
- Capability inventory: Configuration of web server routing, reverse proxies, and file access.
- Sanitization: None; the skill relies on the underlying application's configuration validation.
Audit Metadata