docker-troubleshoot

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Vulnerable to indirect prompt injection.
    1. Ingestion points: the skill reads untrusted data from docker compose logs, docker inspect, and container file systems.
    2. Boundary markers: none present to distinguish instructions from data.
    3. Capability inventory: high-impact actions including docker compose exec -u root, docker system prune, and kill.
    4. Sanitization: none present.
    An attacker-controlled container could output malicious instructions in its logs to hijack the agent and make it execute destructive host or container commands.
  • COMMAND_EXECUTION (HIGH): The skill allows the agent to execute arbitrary commands as root inside containers via docker compose exec -u root app. This level of access gives total control over the container environment and enables potential exploitation of container vulnerabilities.
  • DATA_EXFILTRATION (MEDIUM): Multiple commands such as docker compose logs, docker compose config, and docker inspect are used to retrieve information. Their output frequently contains sensitive secrets, API keys, and database credentials, which would be exposed to the agent and could be exfiltrated.
  • COMMAND_EXECUTION (MEDIUM): Provides access to destructive commands such as kill $(lsof -t -i:3000) and docker system prune -a --volumes. If manipulated or used incorrectly, these could cause immediate denial of service or permanent data loss.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:24 PM