docker-to-sealos
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the subprocess.run method in scripts/compose_to_template.py and scripts/quality_gate.py to execute external binaries including crane and kompose. These operations are essential for its primary function of resolving container image digests and transforming workload definitions. The code correctly passes arguments as lists without using shell=True, which mitigates common command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill fetches image metadata from remote container registries using the crane tool and references static assets like logos and README files from official repository paths on GitHub. These network operations are limited to well-known services and are used to ensure the accuracy and integrity of the generated templates.
- [PROMPT_INJECTION]: The skill defines strict 'MUST rules' for the agent to follow during conversion. While these rules are prescriptive, they do not attempt to bypass core safety guardrails or override foundational agent behavior.
- [SAFE]: The skill defines a large attack surface by ingesting user-provided Docker Compose files and documentation, but it implements multiple defensive layers including naming normalization via regular expressions and a comprehensive consistency checker (scripts/check_consistency.py) that validates the output against production-grade rules. Ingestion points: Docker Compose YAML files and installation documentation referenced in Step 1. Boundary markers: Absent in the conversion logic. Capability inventory: Local file system write access and execution of internal conversion scripts. Sanitization: Implements automated schema validation and character-set normalization.
Audit Metadata