docker-management
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: Uses standard terminal commands to perform system-level Docker operations, including container execution, image builds, and service management.
- [EXTERNAL_DOWNLOADS]: Fetches container images from well-known registries including Docker Hub and the GitHub Container Registry (ghcr.io).
- [CREDENTIALS_UNSAFE]: Includes common placeholder credentials (e.g., 'secret', 'pass') in example commands and configuration templates for demonstration purposes.
- [DATA_EXFILTRATION]: Documents the use of the 'docker cp' command, which enables the transfer of files between the host filesystem and containerized environments.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection as the agent interacts with external data that could contain untrusted instructions.
- Ingestion points: Reads potentially untrusted data from container logs, image metadata, and local build contexts (SKILL.md).
- Boundary markers: Does not implement specific delimiters or 'ignore' instructions to isolate processed external content.
- Capability inventory: Possesses extensive terminal capabilities for command execution and infrastructure management (SKILL.md).
- Sanitization: Does not perform explicit sanitization or validation of data retrieved from external container sources.
Audit Metadata