dotnet-dockerfile
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials, sensitive file paths, or unauthorized network operations were detected. The templates include guidance for
.dockerignorefiles to prevent the accidental inclusion of sensitive local environment data or build artifacts. - [Unverifiable Dependencies] (SAFE): All container images referenced (
mcr.microsoft.com) are from Microsoft's official, trusted registry. No untrusted third-party scripts or packages are used. - [Privilege Escalation] (SAFE): The skill promotes security hardening by recommending the
USER appdirective and 'chiseled' images which lack a shell and run as non-root by default, preventing common container escape and post-exploitation techniques. - [Indirect Prompt Injection] (SAFE): The skill ingests project metadata (e.g., from
.csprojfiles) to configure the build process. - Ingestion points: Project files (.csproj) and user version input.
- Boundary markers: None (standard template generation).
- Capability inventory: No script execution or network operations in the skill itself; output is static text templates.
- Sanitization: Not applicable as the output is a text file for developer review.
Audit Metadata