docker-registry

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes runtime commands that query and display content from external container registries and URLs—e.g., curl against registry endpoints, skopeo copy from docker://source-registry, and the registry UI (joxit/docker-registry-ui) which will fetch and show data from public registries like Docker Hub or arbitrary registry.example.com—exposing the agent to untrusted, user-provided registry content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill pulls and runs external Docker images at runtime (e.g., registry:2 and joxit/docker-registry-ui:latest from Docker Hub), which are fetched during execution and will run remote code required for the skill.