container-security
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads several security tools and configurations from external sources.
- Evidence: Fetches the Kubescape installation script from its official GitHub repository (
raw.githubusercontent.com/kubescape/kubescape). - Evidence: Downloads a Kubernetes job manifest for
kube-benchfrom Aqua Security's official GitHub repository (raw.githubusercontent.com/aquasecurity/kube-bench). - Evidence: Clones the Docker Bench for Security repository from Docker's official GitHub account.
- Note: All identified sources are trusted organizations or well-known services within the security industry.
- [COMMAND_EXECUTION]: The skill provides numerous commands for executing security audits, including some requiring elevated privileges.
- Evidence: Uses
sudoto executedocker-bench-security.sh, which is required for auditing host-level Docker daemon configurations. - Evidence: Includes instructions for testing container escapes using
mountandchroot, provided as functional examples for security testers to identify vulnerabilities. - [REMOTE_CODE_EXECUTION]: Uses the pipe-to-shell pattern for installation.
- Evidence:
curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bashis used to install Kubescape. - Note: This is a common installation pattern for this specific trusted tool and is considered acceptable within this functional context.
Audit Metadata