apple-container-skill

Warn

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: MEDIUM
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Skill utilizes run_shell_command to execute container and system management tasks.
  • [COMMAND_EXECUTION]: Explicitly requires sudo for administrative actions like DNS configuration (container system dns create).
  • [REMOTE_CODE_EXECUTION]: Provides functionality to execute arbitrary commands inside containers via run and exec subcommands.
  • [REMOTE_CODE_EXECUTION]: Supports SSH agent forwarding (--ssh), which can expose host SSH keys to the containerized environment.
  • [EXTERNAL_DOWNLOADS]: Allows pulling container images from remote registries and installing kernels from external binary paths.
  • [PROMPT_INJECTION]: Presents an indirect prompt injection surface.
      • Ingestion points: Processes user-provided arguments for container names, images, domains, and shell commands in SKILL.md.
      • Boundary markers: Absent; user inputs are not enclosed in delimiters to prevent instruction leakage.
      • Capability inventory: All operations leverage run_shell_command, including those with system-wide impact.
      • Sanitization: No validation or escaping of user-provided shell arguments is mentioned or implemented.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 5, 2026, 07:47 PM