docker-multi-stage
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [GENERAL] (SAFE): Analysis of the skill body, templates, and scripts found no evidence of prompt injection, data exfiltration, or obfuscation. The provided patterns are consistent with documented 2024-2025 Docker best practices.
- [COMMAND_EXECUTION] (LOW): The script `scripts/image-size-analyzer.sh` executes local `docker` commands to analyze image metadata. While it uses shell variables, they are correctly double-quoted, and the operations are restricted to read-only metadata inspection (`docker images`, `docker history`).
- [EXTERNAL_DOWNLOADS] (INFO): The Docker templates reference standard, official base images from Docker Hub (Node, Python, Go, Rust, Java) and Google Container Registry (Distroless). These are well-known, trusted sources for container development.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill serves as a template repository and does not ingest untrusted external data for prompt interpolation, effectively eliminating the primary indirect injection attack surface.
Audit Metadata