selinux-knowledge-patch
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing system-level commands including semodule for SELinux policy management and podman or docker for container management. These commands typically require administrative privileges to modify system security state and are central to the skill's functionality.
- [PROMPT_INJECTION]: The skill documents an indirect prompt injection surface where data from podman inspect or docker inspect is processed by udica to generate security policies. If the container inspection data originates from an untrusted source, it could influence the resulting SELinux policy.
- Ingestion points: podman inspect and docker inspect output mentioned in references/container-policy.md.
- Boundary markers: Absent.
- Capability inventory: semodule for system-wide SELinux policy installation referenced in SKILL.md and references/container-policy.md.
- Sanitization: Absent; the workflow relies on the internal parsing logic of the udica utility.
Audit Metadata