docker-reviewer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Prompt Injection (SAFE): No instructions found that attempt to bypass safety guidelines or override system prompts. The content is strictly instructional for code review.
  • Data Exposure & Exfiltration (SAFE): No access to sensitive local files or unauthorized network requests detected. Hardcoded credentials found in the file are clearly marked as 'BAD' examples to be identified during reviews, not used for authentication.
  • Obfuscation (SAFE): No encoded strings, zero-width characters, or hidden content detected.
  • Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not perform any external package installations or execute remote scripts. Commands like 'npm install' are within illustrative Dockerfile examples and not executed by the skill itself.
  • Privilege Escalation (SAFE): No commands related to privilege escalation (e.g., sudo, chmod) are present for the host environment. The skill correctly identifies running as root inside containers as a security risk.
  • Indirect Prompt Injection (LOW): While the skill processes untrusted user data (Dockerfiles), it lacks executable capabilities (file writing, network access, or subprocess execution), rendering the risk of secondary exploitation negligible.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:49 PM