docker-init
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches base images from Google Container Registry and uses security tools like Trivy from trusted repositories. These are well-known, official sources and are handled securely within the generated configurations.
- [PROMPT_INJECTION]: The skill reads project configuration files to automate setup. While this introduces an ingestion surface for indirect prompt injection, the risk is mitigated by the skill's focus on producing static configuration files and the inclusion of security hardening instructions.
- [COMMAND_EXECUTION]: Uses the Docker CLI for building and testing containers. The skill includes built-in safeguards, such as requiring explicit user consent before overwriting existing files, preventing accidental or malicious data loss.