docker-cli

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill provides instructions for executing high-privilege system operations using sudo in its troubleshooting guide. Evidence: 'reference/troubleshooting.md' suggests commands such as 'sudo systemctl restart docker', 'sudo ufw status', and 'sudo apt-get purge docker-ce'. While these are legitimate for system administration, they provide a path for the agent to modify the host system beyond simple container management.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection by interpolating untrusted user data into shell commands.
    1. Ingestion points: User-provided container names, image tags, and environment variables (e.g., in 'docker run' patterns).
    2. Boundary markers: Absent; there are no instructions to use delimiters or ignore embedded instructions in user data.
    3. Capability inventory: The skill uses 'Bash(docker:*)' which allows file system access (volumes), network operations (push/pull), and process management.
    4. Sanitization: Absent; no validation or escaping of user input before command execution is specified.
  • [SAFE] (SAFE): The skill follows security best practices for containers, such as recommending non-root users and read-only filesystems in the 'Security Patterns' section of 'reference/common-patterns.md'.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 09:42 AM