trivy
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, NO_CODE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides documentation for executing the `trivy` command with user-controlled parameters. If an agent executes these commands using unsanitized user input (e.g., image names or local paths), it creates a vector for arbitrary command injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill demonstrates commands like `trivy image` and `trivy repo` which pull data from external, potentially untrusted sources. This allows external content to be introduced into the environment.
- [INDIRECT_PROMPT_INJECTION] (HIGH): (Category 8) The skill's primary purpose is to process untrusted external data (container images, filesystems, and git repositories). This data is a known vector for embedding malicious instructions designed to subvert agent logic.
  - Ingestion points: `trivy image [target]`, `trivy fs [target]`, `trivy repo [target]` (SKILL.md).
  - Boundary markers: None present in the documentation.
  - Capability inventory: Shell command execution via `trivy` (SKILL.md).
  - Sanitization: Not addressed; the documentation encourages direct execution based on user-supplied targets.
Recommendations
- AI detected serious security threats
Audit Metadata