devcontainer-helper
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references container images and features from well-known trusted registries, specifically the Microsoft Container Registry (mcr.microsoft.com) and the GitHub Container Registry for devcontainers (ghcr.io/devcontainers/features).
- [COMMAND_EXECUTION]: The skill describes how to utilize devcontainer lifecycle scripts such as postCreateCommand and postStartCommand, which are standard features for running setup commands within the containerized environment.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface because it processes user-provided environment requirements to generate a configuration file that includes executable hooks.
- Ingestion points: User-provided requirements for languages, tools, and setup in SKILL.md.
- Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the generation workflow.
- Capability inventory: The skill facilitates writing devcontainer.json files that support command execution via lifecycle scripts and custom image definitions.
- Sanitization: No mechanisms are specified for validating or escaping user input before it is used to construct the final configuration.
Audit Metadata