lab
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers shell commands through `make` to control Docker containers (e.g., `make lab-up`, `make lab-down`).
- [EXTERNAL_DOWNLOADS]: Standard Docker image pulling is performed from external registries to set up the lab environment.
- [CREDENTIALS_UNSAFE]: Lists well-known default credentials for the DVWA lab service.
- [PROMPT_INJECTION]: Identifies a surface for indirect prompt injection given the agent's potential interaction with vulnerable lab services.
- Ingestion points: Local lab URLs (localhost:8080, localhost:3030, etc.) referenced in SKILL.md.
- Boundary markers: Absent.
- Capability inventory: Command execution via `make`.
- Sanitization: Not explicitly implemented.
Audit Metadata