net-docker

Pass

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: LOW
NO_CODE
Full Analysis

The skill 'net-docker' is primarily instructional, providing code snippets for Docker configuration files (Dockerfile, docker-compose.yml, .dockerignore). It does not contain any direct commands for the AI agent to execute. The content is well-aligned with its stated purpose of creating Docker configurations for .NET applications.

  1. Prompt Injection: No patterns indicative of prompt injection (e.g., 'IMPORTANT: Ignore', 'Override', 'jailbreak') were found in the skill's description or code snippets.
  2. Data Exfiltration: No sensitive file paths (e.g., ~/.aws/credentials, ~/.ssh/id_rsa) are accessed. The curl command within the Dockerfile's HEALTHCHECK is directed to http://localhost/health, which is a local health check and not an attempt to exfiltrate data to an external server. No other network operations to untrusted domains were detected.
  3. Obfuscation: No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or URL/hex/HTML encoding were found.
  4. Unverifiable Dependencies: The skill references Docker images like mcr.microsoft.com/dotnet/sdk, mcr.microsoft.com/dotnet/aspnet, postgres:15-alpine, and redis:7-alpine. mcr.microsoft.com is a trusted Microsoft registry. postgres and redis are official images from Docker Hub, which are widely considered trusted sources for base images. These are standard, well-known dependencies and do not pose a significant risk of arbitrary code execution or supply chain attacks in this context. This is noted as an informational finding but does not elevate the overall risk.
  5. Privilege Escalation: No commands like sudo, chmod +x, or chmod 777 are present. The skill does not attempt to acquire elevated privileges.
  6. Persistence Mechanisms: No attempts to establish persistence (e.g., modifying .bashrc, crontab, SSH authorized_keys) were detected.
  7. Metadata Poisoning: The skill's metadata (name, description, license, compatibility) is clean and does not contain any malicious instructions.
  8. Indirect Prompt Injection: The skill generates configuration files and does not process external user-provided content in a way that would make it susceptible to indirect prompt injection.
  9. Time-Delayed / Conditional Attacks: No conditional logic based on dates, times, usage counts, or environment variables that would trigger malicious behavior was found.

Overall, the skill is straightforward, provides useful configuration examples, and adheres to security best practices within its scope.

Audit Metadata
Risk Level: LOW
Analyzed: Feb 12, 2026, 07:22 PM