docker-local

Warn

Audited by Socket on Mar 18, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] [Documentation context] Installation of third-party script detected. Benign. The code is a development guidance/documentation for Docker-based Drupal local setups. The only caveat is the presence of hardcoded default credentials in the documentation (e.g., MYSQL_ROOT_PASSWORD: root). If this content is intended for public distribution, consider removing or parameterizing such defaults and encouraging the use of .env or secret management to avoid leaking credentials in public repos.

LLM verification: [LLM Escalated] This skill/documentation is benign in intent and appropriate for Docker-based local development, but it contains moderate security issues: example hardcoded credentials, credential exposure in Makefile commands, and unpinned external images/artifacts (COPY from composer:latest, alpine variants). Recommend: remove hardcoded passwords from examples, show safe ways to pass secrets (use .env and docker secrets), avoid embedding passwords on command lines, and pin image tags or add guidance to pin ve

Confidence: 75%
Severity: 75%
Audit Metadata

Analyzed At: Mar 18, 2026, 11:28 PM
Package URL: pkg:socket/skills-sh/madsnorgaard%2Fdrupal-agent-resources%2Fdocker-local%2F@38bb50c8687dbbca437e6cbb1b261ca239cb6723