containerize-aspnetcore
Warn
Audited by Gen Agent Trust Hub on May 3, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill explicitly instructs the agent to ask for and include sensitive information in the containerization settings or resulting Dockerfile. This includes 'private NuGet feeds with authentication details', database connection strings, and certificate passwords, which increases the risk of hardcoding secrets in plaintext.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external project data without adequate protections.
  - Ingestion points: The agent reads project files like `.csproj` and `NuGet.config` to determine the build environment and configuration.
  - Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed files.
  - Capability inventory: The skill allows file writing (Dockerfile, .dockerignore) and shell command execution (`docker build`).
  - Sanitization: There is no evidence of sanitization or validation of the content extracted from project files before it is used to generate the Dockerfile.
- [COMMAND_EXECUTION]: The workflow involves executing `docker build -t aspnetcore-app:latest .`. If the agent is manipulated via indirect prompt injection to include malicious `RUN` instructions in the Dockerfile, this command will execute that code during the build process.
- [EXTERNAL_DOWNLOADS]: The skill fetches official base images from the Microsoft Container Registry (`mcr.microsoft.com`) and references image tags from GitHub. These are trusted, well-known services used appropriately for the skill's primary purpose.
Audit Metadata