docker

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements high-security standards for containerization, including the use of multi-stage builds to exclude build tools from production images and the enforcement of non-root users via 'useradd' and 'USER' instructions in Dockerfiles.
  • [CREDENTIALS_UNSAFE] (LOW): Hardcoded default credentials (e.g., 'POSTGRES_PASSWORD: postgres') are found in 'templates/python/compose.yaml' and 'templates/node/compose.yaml'. These are explicitly for local development/test environments, and the skill provides an extensive 'references/env-analysis.md' guide to prevent these from reaching production.
  • [COMMAND_EXECUTION] (SAFE): The 'Makefile' contains standard shell commands (docker build, docker run, curl) used for local testing and verification of the generated images. No suspicious or unauthorized command patterns were detected.
  • [EXTERNAL_DOWNLOADS] (SAFE): The templates use standard, trusted tools like 'uv', 'pip', and 'pnpm' for dependency management. They also reference 'Docker Hardened Images' (DHI) as a security-enhancing option for production environments.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:30 PM