dockerization

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): This skill presents a significant Indirect Prompt Injection surface because it mandates the analysis of external, untrusted content while maintaining execution capabilities.
    * Ingestion points: Phase 1 (Application Analysis) explicitly instructs the agent to 'Examine directory structure and key files' and 'Identify programming language, framework, and dependencies' from the target application.
    * Boundary markers: Absent. No instructions are provided to help the agent distinguish between application data and potentially malicious instructions embedded in files like README.md or package.json.
    * Capability inventory: The agent is authorized to execute docker compose build and docker compose up (Phases 5 and 6), which can be used to run arbitrary code during a build or launch privileged containers.
    * Sanitization: Absent. There is no requirement for the agent to filter or validate content read from the application files.
  • COMMAND_EXECUTION (MEDIUM): The skill requires the agent to execute system-level commands (docker compose). In the context of the analysis phase, this capability serves as the primary vector for an indirect prompt injection attack to achieve persistence or execute arbitrary code on the host.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 12:50 PM