docker-security
Audited by Gen Agent Trust Hub on Feb 13, 2026
The 'docker-security' skill is largely descriptive, consisting mainly of Markdown files (SKILL.md, references/GUIDE.md, references/PATTERNS.md) and YAML/JSON configuration files (assets/config.yaml, assets/schema.json, assets/security-checklist.yaml).
1. SKILL.md:
- This file describes various Docker security best practices and provides code snippets for Dockerfiles and docker run commands. It also includes examples for vulnerability scanning tools like Trivy and Docker Scout, and for secrets management. Crucially, the skill describes these commands and practices; it does not execute them. Users would copy and run these commands themselves.
- One notable example is the docker-bench-security command, which involves mounting /var/run/docker.sock and using --pid host. This grants the container significant privileges over the Docker daemon and host processes. While docker/docker-bench-security is a legitimate tool, executing such a command carries a high risk if the image were compromised or if the user did not understand the implications. However, since the skill only documents this command and does not execute it, this is noted as a potential user risk rather than a direct threat from the skill's code.
- No prompt injection, data exfiltration, obfuscation, privilege escalation, or persistence mechanisms are detected within the descriptive content.
2. assets/config.yaml, assets/schema.json, assets/security-checklist.yaml, references/GUIDE.md, references/PATTERNS.md:
- These files contain configuration, schema definitions, security checklists, and usage guides. They are purely informational and do not contain any executable code or malicious patterns.
- No prompt injection, data exfiltration, obfuscation, privilege escalation, or persistence mechanisms are detected.
3. scripts/validate.py:
- This is a Python script designed to validate the skill's directory structure and config.yaml file.
- Unverifiable Dependencies (LOW): The script imports yaml (the PyYAML library). While pyyaml is an external dependency, it is a widely used and trusted library. The script uses yaml.safe_load(), which is a safer method for parsing YAML, mitigating some risks associated with arbitrary code execution through YAML parsing. This is classified as LOW severity due to the trusted nature of the library and the safe loading method.
- File System Access: The script uses os.path.exists, os.path.isdir, os.listdir, and open() to read config.yaml and check the skill's directory structure. These operations are confined to the skill's own files and are expected behavior for a validation script. No access to sensitive user files or directories is detected.
- No prompt injection, data exfiltration (no network calls), obfuscation, privilege escalation, or persistence mechanisms are detected within the script.
Conclusion:
The skill is primarily a documentation and example provider for Docker security. The only executable component is a validation script that uses a common, trusted external library (pyyaml). The high-privilege commands described in SKILL.md are examples for the user to implement, not actions performed by the skill itself. The overall risk is low, mainly due to the external dependency in the validation script.