docker-node
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill metadata requests Bash (*) permissions. This is a high-privilege capability that allows the execution of arbitrary shell commands on the host system or within containers, which could be exploited to compromise the environment.
- [CREDENTIALS_UNSAFE] (MEDIUM): The docker-compose.yml configuration contains hardcoded default credentials (POSTGRES_USER: postgres, POSTGRES_PASSWORD: postgres). While intended for development, these represent unsafe practices and are easily accessible in the skill's source.
- [PROMPT_INJECTION] (HIGH): (Category 8: Indirect Prompt Injection) The skill is designed to process untrusted external data (user project files) while possessing high-privilege capabilities.
  - Ingestion points: The skill reads user-controlled files including package.json, tsconfig.json, and the entire src/ and prisma/ directories during build and migration processes.
  - Boundary markers: Absent. There are no delimiters or system instructions provided to ensure the agent ignores malicious instructions embedded within the processed code or configuration files.
  - Capability inventory: The agent has Bash, Write, and Edit permissions, allowing it to execute commands or modify files based on instructions it might find in the ingested source data.
  - Sanitization: Absent. The skill does not specify any validation or sanitization logic for the content of the files it processes before executing build or migration commands.
Recommendations
- AI detected serious security threats
Audit Metadata