docker
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `sudo` to start the Docker daemon and run containers, which grants the agent root-level permissions. Evidence includes `sudo dockerd` and `sudo docker run` commands in both `README.md` and `SKILL.md`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes output from external commands. Ingestion points: Docker container output from `sudo docker run hello-world` in `SKILL.md`. Boundary markers: None present. Capability inventory: System-wide administrative access via `sudo` and background process execution. Sanitization: No filtering or validation of command output is performed before the agent processes it.
Audit Metadata