dokploy-admin
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for the agent to utilize high-privilege shell interfaces including bash, SSH, and
docker execfor host-level and container-level operations. Evidence is located inSKILL.md,references/ssh-docker.md, andreferences/troubleshooting.md. - [COMMAND_EXECUTION]: Guidance in
references/source-code-analysis.mdexplicitly recommends usingnode -eto dynamically execute JavaScript code for reading files inside running containers, which represents a dynamic execution risk. - [DATA_EXFILTRATION]: The skill outlines procedures for accessing sensitive source code, configuration files, and database schemas using commands such as
grep,fs.readFileSync, andpsql. While intended for legitimate administration, this provides a mechanism for exposing system secrets. Evidence inreferences/source-code-analysis.md. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ingestion of untrusted external data.
- Ingestion points: Application logs, container logs (
docker logs), and terminal outputs as described inreferences/ssh-docker.md. - Boundary markers: Absent; there are no instructions to treat log content as data or to ignore embedded instructions.
- Capability inventory: Host-level command execution via SSH, container manipulation via Docker, and full resource management via Dokploy MCP tools (
references/mcp.md). - Sanitization: Absent; no sanitization or filtering of log data is mentioned before processing.
Audit Metadata