NYC

act-docker-setup

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill includes a high-risk pattern in the 'Custom Images' section of SKILL.md: curl -fsSL https://deb.nodesource.com/setup_20.x | bash -. Piped remote execution is a critical security vulnerability as it allows execution of arbitrary code from an external source without prior validation or integrity checks.
  • COMMAND_EXECUTION (MEDIUM): The documentation instructs users on how to run containers in --privileged mode and how to mount the host's Docker socket (/var/run/docker.sock). These configurations are highly dangerous as they effectively grant root-level control over the host system to the containerized environment.
  • EXTERNAL_DOWNLOADS (LOW): The skill promotes the use of community-maintained Docker images (e.g., catthehacker/ubuntu). These sources are outside the defined trusted organizations list, introducing a dependency on unverified third-party binaries.
Recommendations
  • HIGH: Downloads and executes remote code from: https://deb.nodesource.com/setup_20.x - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 05:20 PM