containerize-aspnetcore

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user input from the 'Containerization Settings' and interpolates it directly into a Dockerfile.
      * Ingestion points: User-provided settings in SKILL.md such as 'Custom build steps', 'System packages', and 'Additional .NET tools'.
      * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used for user-provided configuration.
      * Capability inventory: The skill executes 'docker build', 'apt-get install', and 'dotnet' CLI commands.
      * Sanitization: No validation or escaping logic is present to sanitize the user-supplied configuration strings before they are used in the build process.
  • [CREDENTIALS_UNSAFE]: The instructions explicitly prompt users to input 'private NuGet feeds with authentication details' in the configuration settings. This practice risks exposing sensitive credentials in the Docker image layers, build logs, or local configuration files.
  • [COMMAND_EXECUTION]: The skill invokes the 'docker build' command on the local system to verify the generated container configuration, which is a high-privilege operation.
  • [EXTERNAL_DOWNLOADS]: The skill fetches official base images from Microsoft's Container Registry (mcr.microsoft.com) and may download additional system packages or .NET tools from official repositories during the build process.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 05:25 AM