docker
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Category 1: Prompt Injection] (SAFE): No instructions found that attempt to override system behavior, bypass safety filters, or extract system prompts. The instructions are purely technical guidelines.
- [Category 2: Data Exposure & Exfiltration] (SAFE): No hardcoded credentials or sensitive file paths were detected. The skill correctly demonstrates using Docker secrets (`/run/secrets/`) and external secret definitions rather than hardcoded environment variables.
- [Category 4: Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill uses standard package managers (npm, apt-get) within Dockerfile examples. Remote base images (node:18-alpine, gcr.io/distroless) are from trusted, industry-standard registries.
- [Category 5: Privilege Escalation] (SAFE): The skill actively encourages privilege de-escalation by requiring the creation of non-root users (`appuser`, `nodejs`) and switching the `USER` context within containers.
- [Category 8: Indirect Prompt Injection] (LOW): While the skill ingests user Dockerfiles for review (attack surface), it does so by applying strict security constraints and multi-stage build patterns, which mitigates the risk of executing embedded malicious instructions.
- [Category 10: Dynamic Execution] (SAFE): No dynamic code generation or unsafe deserialization patterns are present in the provided templates.
Audit Metadata