docker-local
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill defines patterns for executing arbitrary commands on the host and inside containers using 'docker compose exec <service> <command>' and 'docker compose run'. This allows for a wide range of host-system influence.
- [CREDENTIALS_UNSAFE] (HIGH): Multiple files (docker-compose.yml, Makefile, .env) contain hardcoded default credentials (e.g., 'MYSQL_ROOT_PASSWORD: root', 'mysql -u root -proot'). While intended for local development, these patterns promote insecure credential management.
- [PRIVILEGE_ESCALATION] (HIGH): The 'Troubleshooting' section explicitly includes 'sudo lsof -i :80' and 'sudo lsof -i :3306'. Directing an agent to use 'sudo' is a high-risk privilege escalation vector.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Vulnerability surface identified.
  - Ingestion points: The skill ingests commands and arguments from the agent's context/user input and passes them directly to 'docker compose exec' and the Makefile.
  - Boundary markers: None identified; commands are interpolated directly into shell strings.
  - Capability inventory: Host-level shell execution (ls, docker, sudo), container-level execution (bash, drush, composer), and file system modification (chown).
  - Sanitization: No sanitization or validation of the commands being passed to the containers is present.
- [DATA_EXPOSURE] (MEDIUM): The skill provides instructions to access environment variables and project configuration files (.env, settings.php) which may contain sensitive keys or internal network paths.
Recommendations
- AI detected serious security threats
Audit Metadata