docker
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains a command to download and execute the official Docker installation script using 'curl -fsSL https://get.docker.com | sh'. This is a standard installation method from a trusted and well-known service provider.
- [COMMAND_EXECUTION]: The skill facilitates the execution of administrative commands such as 'systemctl' for service control and 'docker exec' for container interaction. It correctly notes that Docker group membership is equivalent to root access.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it is designed to process and act upon the contents of configuration files like Dockerfiles.
  - Ingestion points: Processes 'Dockerfile', 'daemon.json', and '.dockerignore' files as specified in the skill globs and operations.
  - Boundary markers: There are no explicit instructions or delimiters used to separate the configuration data from the agent's core instructions or to prevent the execution of embedded commands.
  - Capability inventory: The skill allows the agent to perform high-privilege tasks including running containers, executing commands within them, and modifying system services.
  - Sanitization: No input validation or content filtering for the ingested configuration files is mentioned.
Recommendations
- HIGH: Downloads and executes remote code from: https://get.docker.com - DO NOT USE without thorough review
Audit Metadata