docker-compose

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill empowers the agent to execute 'docker compose' commands, including 'up', 'down', and 'exec'. This allows for the deployment of arbitrary services and the execution of commands within containers, which can be used to impact the host system if misconfigured.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill facilitates pulling Docker images from remote registries. Although documentation examples use trusted sources like 'mcr.microsoft.com', there are no technical constraints preventing the agent from pulling malicious images from untrusted registries.
  • PROMPT_INJECTION (HIGH): This skill is highly vulnerable to indirect prompt injection. Because it processes external descriptions to generate 'compose.yaml' files, an attacker could inject instructions that cause the agent to create containers with privileged host access, such as mounting the host's root filesystem or modifying network configurations.
  • DATA_EXFILTRATION (LOW): While not explicitly designed for data exfiltration, the ability to mount volumes and define networks provides the primitives necessary to read sensitive host files and transmit them to external services.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:41 AM