Skills
skills/muench-dev/agent-skills/docker-setup-fixer/Gen Agent Trust Hub

docker-setup-fixer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill uses npx to download and run dclint from the npm registry without version pinning or integrity verification.
  • REMOTE_CODE_EXECUTION (HIGH): Untrusted remote code execution via npx allows for potential supply chain attacks or typosquatting.
  • COMMAND_EXECUTION (HIGH): The skill executes shell commands to automatically modify the project's Docker configuration files.
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to indirect prompt injection via untrusted Docker configuration files. Evidence: 1. Ingestion points: docker-compose.yml files. 2. Boundary markers: Absent. 3. Capability inventory: File modification (Fix all errors automatically). 4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 08:24 AM