docker-debugger
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting untrusted data from external container sources.
- Ingestion points: Data enters the agent's context through logs and metadata retrieved via
docker logs,docker inspect, anddocker-compose logsas defined inSKILL.md. - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat ingested log content as untrusted or to ignore embedded instructions within that data.
- Capability inventory: The skill enables the agent to execute interactive shells and commands within containers using
docker exec -it <container_id> /bin/sh. - Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested log content before it is processed by the agent's logic.
Audit Metadata