Skills
skills/quantmind-br/skills/dokploy-docs/Gen Agent Trust Hub

dokploy-docs

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The documentation frequently promotes the use of curl -sSL https://dokploy.com/install.sh | sh for installation and updates. This pattern executes a remote script with shell privileges without prior inspection, which is a critical risk if the vendor's domain or the network transport is compromised.
  • [COMMAND_EXECUTION]: The manual installation guide in docs/009-docs-core-manual-installation.md includes the command chmod 777 /etc/dokploy. This grants every user on the system full read, write, and execute access to the application's configuration directory, violating basic security principles of least privilege.
  • [COMMAND_EXECUTION]: The uninstallation instructions in docs/010-docs-core-uninstall.md recommend using sudo rm -rf /etc/dokploy. This requires elevated privileges and performs a destructive operation on system-level directories.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions to download and execute scripts from well-known technology providers, including https://get.docker.com and https://tailscale.com/install.sh.
  • [PROMPT_INJECTION]: The skill documents a platform designed to manage untrusted data from external sources, creating an indirect prompt injection surface (Category 8).
  • Ingestion points: Untrusted data enters the agent's operating context via Git repository integrations (GitHub, GitLab, Bitbucket, Gitea), zip file uploads, and environment variable configurations as described in docs/014-docs-core-applications.md and docs/018-docs-core-variables.md.
  • Boundary markers: The documentation does not provide instructions for the agent to use delimiters or ignore instructions found within the processed application data.
  • Capability inventory: Across the documentation (e.g., docs/056-docs-core-schedule-jobs.md), the agent is granted high-privilege capabilities including container execution (docker exec), service management (docker service create), and file system manipulation.
  • Sanitization: There is no mention of sanitizing or filtering content pulled from repositories or user-defined variables before they are processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://dokploy.com/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 06:24 AM