dockerfile-skill

Fail

Audited by Snyk on Mar 31, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). This skill explicitly auto-generates config files "including secrets" (e.g., .env.docker.local) and promises "zero human interaction," which requires the LLM to create and embed secret values verbatim in generated files/outputs, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and clones arbitrary public GitHub URLs (see SKILL.md usage: "/dockerfile "), and modules/analyze.md requires loading and parsing repository files (package.json, migration dirs, build scripts). These files are untrusted, user-generated content that the agent reads and uses to drive build/fix actions and Dockerfile generation, so third-party content can materially influence its decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill contains explicit curl | bash commands that would be executed during image build (e.g., "RUN curl -fsSL https://bun.sh/install | bash" and "RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y"). Remote scripts are therefore fetched and executed at runtime, which presents a high-risk external dependency.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 31, 2026, 10:12 AM
Issues: 3