troubleshoot
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to terminate system processes using the `kill` command based on port activity monitored by `lsof`.
- [COMMAND_EXECUTION]: The skill facilitates privilege escalation within containers by providing commands to execute as the root user using `docker compose exec -u root`.
- [COMMAND_EXECUTION]: The skill includes destructive commands for deleting Docker resources, including containers, images, and volumes, via `docker system prune -a --volumes`.
- [COMMAND_EXECUTION]: The skill provides methods for obtaining interactive shell access (`sh`) to both running and failed containers.
- [DATA_EXFILTRATION]: The skill reads container logs and configuration data through `docker compose logs` and `docker compose config`, which may expose sensitive information such as environment variables, secrets, or application data.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from container logs and inspection metadata without sanitization.
  - Ingestion points: `docker compose logs`, `docker inspect`.
  - Boundary markers: Absent.
  - Capability inventory: Process termination (`kill`), root execution (`exec -u root`), shell access (`sh`), and resource deletion (`prune`).
  - Sanitization: Absent.
Audit Metadata