docker-test

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill downloads binaries from github.com/peteonrails and clones repositories from aur.archlinux.org. These sources are not in the trusted whitelist, making the integrity of the downloaded content unverifiable.
  • REMOTE_CODE_EXECUTION (HIGH): The skill uses curl to download a binary, grants execution permissions with chmod +x, and runs it directly. This pattern of downloading and executing untrusted code at runtime is a high-risk security vulnerability.
  • COMMAND_EXECUTION (MEDIUM): The skill executes local shell scripts (./scripts/build-docker.sh) and uses Docker to mount host directories (-v $(pwd)/releases:/releases). This allows the container and any code running within it to interact with the host filesystem.
  • PROMPT_INJECTION (HIGH): The skill has a high attack surface for indirect prompt injection (Category 8). It ingests untrusted data from external sources and processes it using high-privilege tools like Bash and docker. Evidence:
      • Ingestion points: github.com release URLs and aur.archlinux.org git repositories.
      • Boundary markers: Absent.
      • Capability inventory: Bash tool (curl, chmod, execution), docker run (privileged directory mounting).
      • Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:58 AM