docker-containerization

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The scripts scripts/docker-build.sh and scripts/docker-run.sh assemble a command string in DOCKER_CMD and execute it with eval $DOCKER_CMD. Although the variables are partially validated during argument parsing, eval re-parses the entire string as shell code, so a user-supplied value such as an image name or tag that contains shell metacharacters (;, &, |, $(...), backticks, or a double quote that closes the surrounding quotes) is executed as additional commands instead of being passed to docker as a single argument.
  • INDIRECT_PROMPT_INJECTION (LOW): This skill has an attack surface for indirect prompt injection because it generates executable shell scripts based on user input (e.g., image names, repository paths).
  • Ingestion points: User input provided to the agent for generating containerization configurations.
  • Boundary markers: None. The templates directly interpolate provided names into shell commands.
  • Capability inventory: Subprocess execution via eval and docker commands in scripts/docker-build.sh, scripts/docker-run.sh, and scripts/docker-push.sh.
  • Sanitization: The scripts quote the variables when building the command string, but eval re-parses that string, so the quotes are ordinary characters in the eval input rather than a boundary and do not prevent injection.
  • DATA_EXFILTRATION (SAFE): No indicators were found of the skill attempting to access sensitive files (like ~/.ssh or .env files on the host) and transmitting them to external domains.
  • REMOTE_CODE_EXECUTION (SAFE): No patterns were detected involving the download and immediate execution of remote scripts (e.g., curl | bash).
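The eval injection described in the COMMAND_EXECUTION and Sanitization findings above, as an added example that is not code from the skill or from the audit: a build function mirroring the string-plus-eval pattern, beside a hardened version that allow-lists the image name and tag and executes an argument vector. The docker stub, the function names and the allow-list patterns are assumptions for this demo, not the skill's own.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own scripts: why `eval "$DOCKER_CMD"` is
# injectable even though the variables were quoted, and the argv-based fix.
# `docker` is a stub here so the demo runs offline; it echoes its argv,
# one bracketed element per argument, instead of invoking Docker.

docker() { printf 'docker'; printf ' [%s]' "$@"; printf '\n'; }

# VULNERABLE: the pattern the audit flags. The quotes around $image:$tag are
# characters inside a *string*; eval re-parses that string as shell code,
# so a double quote in the input closes them and `;` ends the docker command.
build_with_eval() {
    local image="$1" tag="$2"
    local DOCKER_CMD="docker build -t \"$image:$tag\" ."
    eval "$DOCKER_CMD"
}

# HARDENED: validate against an allow-list, then build an argument vector
# and execute it directly. Each element reaches docker as exactly one argv
# entry; the shell never re-parses it, so metacharacters are inert.
build_safely() {
    local image="$1" tag="$2"
    # Image references: lowercase letters, digits, . _ / : and -; reject
    # empty values and a leading '-' so the value cannot become a flag.
    case "$image" in
        ""|-*|*[!a-z0-9._/:-]*) echo "rejected image name: $image" >&2; return 2 ;;
    esac
    case "$tag" in
        ""|-*|*[!A-Za-z0-9_.-]*) echo "rejected tag: $tag" >&2; return 2 ;;
    esac
    local -a cmd=(docker build -t "$image:$tag" .)
    "${cmd[@]}"
}

# Constructed demo input: an image name carrying a shell payload.
PAYLOAD='myapp"; echo INJECTED; echo "'
build_with_eval "$PAYLOAD" latest          # INJECTED appears: payload ran as shell
build_safely "$PAYLOAD" latest || true     # rejected before anything executes
build_safely ghcr.io/org/myapp v1.2.3      # docker [build] [-t] [ghcr.io/org/myapp:v1.2.3] [.]
```

The allow-list is defence in depth; the actual fix is that "${cmd[@]}" hands each element to docker as one argument with no second parse. The same change applies to docker-run.sh and docker-push.sh: where those scripts need optional flags, append them to the array conditionally instead of concatenating strings, and keep the leading-dash rejection so a value passed positionally (the image in docker run) cannot be read as a docker flag.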
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 05:28 AM