docker-containerization

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The scripts scripts/docker-build.sh and scripts/docker-run.sh use the shell builtin eval to execute dynamically constructed shell commands.
      • Evidence: In scripts/docker-build.sh, the variable DOCKER_CMD is built from user-influenced arguments such as -n, -t, and -b. The script then executes eval $DOCKER_CMD.
      • Risk: If the agent is tricked via indirect prompt injection into passing arguments that contain shell metacharacters (e.g., ;, &&, or backticks), the eval call could lead to arbitrary command execution on the host machine.
  • [DATA_EXPOSURE & EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file access, or unauthorized network operations were detected. The scripts handle environment files and registry URLs as expected for their stated purpose.
  • [UNVERIFIABLE DEPENDENCIES] (SAFE): The package.json file contains no external dependencies, and the skill does not attempt to download or execute remote scripts during runtime.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:35 PM