managing-docker
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides extensive instructions for executing Docker, Docker Compose, and Linux system commands. These commands are fundamental to the skill's primary purpose of container management and development workflow assistance.
- [EXTERNAL_DOWNLOADS]: References the acquisition of official and community Docker images from trusted and well-known registries including Docker Hub, GitHub Container Registry (GHCR), and Google Container Registry.
- [EXTERNAL_DOWNLOADS]: Provides installation procedures for several well-known third-party development and security tools (e.g., Cosign, Syft, Hadolint, Dive) from their official GitHub repositories.
- [EXTERNAL_DOWNLOADS]: Includes a technical reference for running a community-maintained image (jorgeprendes420/docker-desktop-shim-manager) to inspect Wasm runtimes, which requires high-privilege container execution flags.
- [CREDENTIALS_UNSAFE]: Several reference files contain hardcoded example passwords (e.g., POSTGRES_PASSWORD=mypassword, MYSQL_ROOT_PASSWORD=rootpassword) within documentation snippets and Docker Compose examples. These are standard placeholders in technical documentation meant for illustrative purposes and do not represent the exposure of actual secrets.
Audit Metadata