skills/mukul975/anthropic-cybersecurity-skills/detecting-container-drift-at-runtime/Gen Agent Trust Hub
detecting-container-drift-at-runtime
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes two Python scripts that execute shell commands to interact with container runtimes:
  - `scripts/agent.py` uses `subprocess.run` to execute `docker top` for process auditing. This is done using list-based arguments without `shell=True`, which is a secure practice to prevent command injection.
  - `scripts/process.py` uses `subprocess.run` to execute `kubectl get` commands for gathering Kubernetes pod and namespace metadata. These calls are also handled using list-based arguments.
- [DATA_EXPOSURE]: The scripts access container and process metadata (such as running processes, filesystem changes, and image digests). This data is used solely for local auditing and reporting; no network operations were found that would transmit this data to external servers.