container-scan-dockle
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests and parses JSON results generated from scanning container images, which creates a surface for indirect prompt injection if an image contains malicious metadata.
  * Ingestion points: dockle-results.json
  * Boundary markers: Absent
  * Capability inventory: dockle command execution and JSON parsing
  * Sanitization: Absent
- [External Downloads] (LOW): The skill recommends installing the Dockle utility from the goodwithtech repository. While this is not on the pre-approved trusted source list, it is the standard distribution channel for this security tool and is essential for the skill's primary purpose.
- [Command Execution] (SAFE): The skill invokes the dockle command on local or remote container images. This execution is required for the intended purpose of security auditing and does not involve suspicious or hidden commands.
Audit Metadata