dockerfile-gen

Warn

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Execution of npx ai-dockerfile involves downloading a package from the npm registry at runtime.
  • [REMOTE_CODE_EXECUTION]: The skill uses npx to download and execute code from an external registry. The package ai-dockerfile is not associated with a verified trusted organization.
  • [COMMAND_EXECUTION]: The skill requires the execution of shell commands (npx) on the host system to perform its primary function of project scanning and Dockerfile generation.
  • [PROMPT_INJECTION]: The skill scans local project files to generate Dockerfiles, creating an indirect prompt injection surface.
    • Ingestion points: Local project files scanned by the tool during analysis.
    • Boundary markers: None identified in the skill instructions to separate project data from agent instructions.
    • Capability inventory: Shell command execution via npx and potential local file system writes.
    • Sanitization: No evidence of input validation or sanitization for the scanned project contents.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 21, 2026, 01:00 PM