docker-sandbox
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH
Tags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill instructions explicitly direct the reading and storage of sensitive authentication files and tokens from the host machine's home directory.
  - Evidence: `secrets add codex_auth_json --value "$(cat ~/.codex/auth.json)"` in SKILL.md accesses sensitive session data for ChatGPT Pro.
  - Evidence: Exposure of `claude_setup_token`, which is a 1-year OAuth token for Anthropic's services.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing complex shell commands via `docker sandbox exec` and `bash -c`, which can be vulnerable to manipulation.
  - Evidence: `docker sandbox exec my-sandbox bash -c "mkdir -p ~/.codex && cat > ~/.codex/auth.json << 'EOF' ..."` demonstrates dynamic script generation for credential injection.
- [DATA_EXFILTRATION] (LOW): The skill logic facilitates the movement of host-level secrets into a containerized environment.
  - Evidence: Use of environment variables (`-e CLAUDE_CODE_OAUTH_TOKEN`) to pass secrets into the sandbox exposes them to process listing within the container.
Recommendations
- AI detected serious security threats