devcontainer-setup
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external project configuration files to infer project names and slugs.
  - Ingestion points: Processes `package.json`, `pyproject.toml`, `Cargo.toml`, and `go.mod` files from the project directory.
  - Boundary markers: No explicit instruction delimiters are used for the interpolated data.
  - Capability inventory: The skill writes configuration files to the `.devcontainer/` directory and specifies commands for execution in `postCreateCommand`.
  - Sanitization: The skill applies slugification (lowercase conversion and character replacement) when generating names for persistent volumes, which provides basic sanitization against malformed input.
- [DYNAMIC_EXECUTION]: The skill generates shell scripts (`install.sh`) and Python scripts (`post_install.py`) that are subsequently executed during the container initialization process. These scripts are generated based on identified language stacks and project needs.
- [COMMAND_EXECUTION]: Requests `NET_ADMIN` capabilities within the container environment to support network isolation tools like `iptables` and `ipset`. This is documented as part of the container's specialized networking configuration.
Audit Metadata