docker-setup
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill references official Docker images (node, python) and trusted registries (ghcr.io for the uv tool). Package installations (npm, pip, uv) are standard for the tech stack.
- Data Exposure & Exfiltration (SAFE): Example environment variables use generic placeholders. No sensitive local file access or external data exfiltration patterns were found.
- Indirect Prompt Injection (SAFE): While the skill ingests external prompt files, this is part of its intended orchestration logic. Standard boundary markers are not explicitly defined in the provided snippets, but the capabilities are limited to local build environment setup.
- Privilege Escalation (SAFE): The skill explicitly recommends and implements non-root users within Dockerfiles and does not attempt to use sudo or modify system-level persistence.
Audit Metadata