docker-compose

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: Example files in 'references/compose-patterns.md' contain hardcoded passwords such as 'POSTGRES_PASSWORD: secret' and 'DB_PASS=secret'.
  • [COMMAND_EXECUTION]: The skill provides patterns in 'references/compose-patterns.md' that mount the Docker socket ('/var/run/docker.sock') into containers, which allows management of the host Docker daemon and presents a privilege escalation risk.
  • [PROMPT_INJECTION]: Indirect prompt injection surface exists.
    1. Ingestion points: User-provided YAML files via 'globs' defined in 'SKILL.md'.
    2. Boundary markers: Absent; no instructions are provided to the agent to ignore embedded instructions in the configuration data.
    3. Capability inventory: 'docker compose' CLI execution across various commands like 'up', 'run', and 'exec'.
    4. Sanitization: None; the skill assumes the content of the YAML files is safe.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 06:47 AM