docker-init
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill's primary workflow involves 'analyzing the project' to detect languages and frameworks. This ingestion of untrusted local data (e.g.,
README.md,package.json, or source code) lacks boundary markers or sanitization. An attacker could place malicious instructions inside these project files to trick the agent into including backdoors or malicious commands (e.g.,RUN curl ... | sh) in the generatedDockerfile. - Dynamic Execution (LOW): The skill generates executable configuration files (
Dockerfile,docker-compose.yaml). While this is its intended purpose, generating code based on untrusted project metadata without strict validation is a known vector for code injection. - Data Exposure (SAFE): The skill correctly recommends including
.envand.git/in the.dockerignorefile and uses.env.examplefor credentials, following security best practices for Docker environments.
Recommendations
- AI detected serious security threats
Audit Metadata