devcontainer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: LOW
Full Analysis
- NO_CODE (SAFE): The skill consists entirely of informational Markdown files and JSON metadata. There are no executable scripts (.sh, .py, .js) or binary files included in the package.
- EXTERNAL_DOWNLOADS (LOW): Documentation and examples reference official Microsoft (mcr.microsoft.com) and Dev Container (ghcr.io/devcontainers) registries for base images and features. These are trusted sources under the [TRUST-SCOPE-RULE].
- CREDENTIALS_UNSAFE (SAFE): Examples in the SKILL.md files use obvious placeholder credentials (e.g., 'user:pass', 'devpass') for database connection strings and environment variables. These are standard for template documentation and do not represent a credential leak.
- COMMAND_EXECUTION (SAFE): The instructions guide the agent on how to use standard Dev Container lifecycle hooks (e.g., postCreateCommand, postStartCommand) for routine development tasks such as 'npm install', 'pip install', or 'dotnet restore'.
Audit Metadata