docker-debugging

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION] (HIGH): The skill recommends running the nicolaka/netshoot image via docker run in SKILL.md. While netshoot is a widely used networking tool, it originates from a third-party GitHub/DockerHub account not included in the Trusted Organizations list. Running arbitrary external images allows for the execution of unverified code in the host or network environment.
  • [COMMAND_EXECUTION] (MEDIUM): Multiple files (SKILL.md, assets/debug-commands.yaml) provide instructions for executing commands as the root user (docker exec -u 0 or -u root). While necessary for some debugging tasks, this facilitates privilege escalation within the container context and increases the impact of any compromised container.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted data (container names/IDs) which are then used in shell commands.
      • Ingestion points: The container parameter in SKILL.md and the script argument in scripts/container-health-check.sh.
      • Boundary markers: Absent. No delimiters are used to separate the container identifier from the command logic.
      • Capability inventory: docker exec, docker logs, docker inspect, and docker stats are executed against the provided identifier.
      • Sanitization: Minimal. The shell script uses double-quotes around the variable "$CONTAINER", but there is no validation of the string content before it is passed to the Docker CLI.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:43 PM