devcontainer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation and templates include piped shell execution from untrusted sources, which is a critical security risk. Specifically, `scripts/scan-image.ts` suggests installing Trivy via `curl -sfL ... | sh` and `assets/devcontainer-dockerfile.md` contains a template command for installing Poetry using `curl -sSL ... | python3 -`. Neither `aquasecurity` nor `python-poetry` are on the specific list of trusted repositories.
- CREDENTIALS_UNSAFE (HIGH): Multiple configuration templates in `assets/devcontainer-compose.md` contain hardcoded default credentials for PostgreSQL and MySQL services (e.g., `POSTGRES_PASSWORD: postgres`), which could be inadvertently deployed.
- COMMAND_EXECUTION (MEDIUM): The `scripts/scan-image.ts` script uses the `Deno.Command` API to execute external binaries (`trivy`), creating a significant attack surface.
- PROMPT_INJECTION (LOW): The script `scripts/scan-image.ts` is vulnerable to indirect prompt injection through command injection via unsanitized CLI arguments.
  1. Ingestion points: `imageName` variable derived from `Deno.args` in `scripts/scan-image.ts`.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution via `Deno.Command` in `scripts/scan-image.ts`.
  4. Sanitization: Absent; the script only filters out arguments starting with dashes.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata