dockerfile-skill

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell operations to analyze codebase structures, using tools like grep, jq, and cat to identify frameworks and dependencies. It also executes docker buildx and docker-compose to validate the generated configurations.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to clone GitHub repositories provided by the user for analysis. It also references official installers for development tools like Bun and Rust.
  • [REMOTE_CODE_EXECUTION]: The knowledge base includes patterns for installing runtimes (e.g., Bun via curl | bash and Rust via curl | sh) from official and well-known service domains.
  • [DATA_EXFILTRATION]: The analysis module scans source code for environment variables and database connection strings. This is part of the legitimate functionality required to configure the Docker environment; the skill does not exfiltrate this data to unauthorized external domains.
  • [INDIRECT_PROMPT_INJECTION]: As the skill processes untrusted project data (e.g., package.json or source files), it possesses an inherent attack surface for indirect prompt injection. However, no specific exploits were found, and this is a general risk for tools that analyze external codebases.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 31, 2026, 10:12 AM