ask-docker-expert
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No instructions attempting to bypass safety filters or override system prompts were found. The constraints are focused on technical best practices.
- [Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or attempts to access sensitive local files or perform unauthorized network transfers were detected. The use of curl mentioned in documentation is for internal container network debugging.
- [Obfuscation] (SAFE): The content is clear and uses no encoding (Base64), zero-width characters, or hidden strings to mask intent.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external packages are required by the scripts, and no remote scripts are downloaded or executed. The provided Python script is a simple placeholder.
- [Privilege Escalation] (SAFE): The skill explicitly mandates security best practices, such as forbidding the use of the root user within containers.
- [Indirect Prompt Injection] (LOW): As a guidance-based skill, it ingests user queries about Dockerfiles. While it lacks explicit boundary markers for user-provided code snippets, its primary output consists of static templates and advice, posing minimal risk.
Audit Metadata