container-scan-trivy
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [Command Execution] (LOW): The skill instructs the agent to execute shell commands using the trivy CLI. While it involves interpolating user-provided inputs like image names or file paths, this is the primary intended function of the skill.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted data which could contain malicious instructions. Evidence chain:
  1. Ingestion points: External container images, filesystems, and the resulting trivy-results.json file.
  2. Boundary markers: Absent. No delimiters or warnings are provided to the agent to ignore instructions embedded within the scan targets or results.
  3. Capability inventory: Execution of trivy shell commands and parsing of JSON output.
  4. Sanitization: Absent. External content is parsed directly into findings.
Audit Metadata