skills/jeremylongshore/claude-code-plugins-plus-skills/generating-docker-compose-files/Gen Agent Trust Hub
generating-docker-compose-files
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [C O M M A N D _ E X E C U T I O N ]: T h e
s c r i p t s / d e p l o y . s hf i l e u s e s t h ee v a lc o m m a n d t o e x e c u t e s h e l l s t r i n g s c o n s t r u c t e d f r o m v a r i a b l e s s u c h a s s t a c k n a m e s a n d n a m e s p a c e s . T h i s p a t t e r n i s v u l n e r a b l e t o s h e l l i n j e c t i o n i f t h e i n p u t v a r i a b l e s c o n t a i n m a l i c i o u s m e t a c h a r a c t e r s . - [C R E D E N T I A L S _ U N S A F E ]: T h e
a s s e t s / c o m p o s e _ t e m p l a t e . y m lf i l e c o n t a i n s h a r d c o d e d d e f a u l t p a s s w o r d s a n d c o n n e c t i o n s t r i n g s ( e . g . ,p o s t g r e s : / / u s e r : p a s s w o r d @ d b : 5 4 3 2 / d a t a b a s e) . A d d i t i o n a l l y ,s c r i p t s / g e n e r a t e _ e n v _ f i l e . p yi n c l u d e s a l i s t o f c o m m o n d e f a u l t s l i k ec h a n g e _ m e _ i n _ p r o d u c t i o nf o r s e n s i t i v e f i e l d s . - [E X T E R N A L _ D O W N L O A D S ]: T h e d e p l o y m e n t s c r i p t r e f e r e n c e s d o w n l o a d i n g t h e
k o m p o s eb i n a r y f r o m t h e o f f i c i a l K u b e r n e t e s G i t H u b r e p o s i t o r y . T h i s i s f l a g g e d n e u t r a l l y a s i t i n v o l v e s a t r u s t e d o r g a n i z a t i o n . - [I N D I R E C T _ P R O M P T _ I N J E C T I O N ]: T h e s k i l l p r o c e s s e s u s e r
- p r o v i d e d D o c k e r C o m p o s e f i l e s . I n j e c t i n g m a l i c i o u s i n s t r u c t i o n s o r s p e c i a l c h a r a c t e r s i n t o t h e s e f i e l d s c o u l d t a r g e t t h e d y n a m i c e x e c u t i o n l o g i c i n t h e d e p l o y m e n t s c r i p t s .
Audit Metadata