scanning-container-images-with-grype
Fail
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references installation scripts for Grype and Syft from Anchore's official GitHub repository (raw.githubusercontent.com/anchore/grype and raw.githubusercontent.com/anchore/syft). These are standard installation methods for these tools and originate from a well-known security vendor.
- [COMMAND_EXECUTION]: The Python scripts agent.py and process.py execute the grype CLI using the subprocess module. Commands are passed as lists rather than shell strings, which is a secure practice that mitigates the risk of command injection via manipulated image names.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It ingests data from container images (vulnerability descriptions and package metadata) which could contain instructions intended to influence an AI agent that processes the scan results.
- Ingestion points: Grype scan output parsed in scripts/agent.py and scripts/process.py.
- Boundary markers: None identified in the script outputs to distinguish untrusted image data from system instructions.
- Capability inventory: The scripts can execute subprocesses and write files to the local filesystem.
- Sanitization: The scripts parse structured JSON data but do not perform content-level sanitization of the vulnerability descriptions or package names found within the images.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/anchore/grype/main/install.sh - DO NOT USE without thorough review