container
Warn
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous Nushell scripts in the scripts/ directory and Mise tasks in templates/mise.toml that execute the container command-line utility to manage system services, images, networks, and container lifecycles.
- [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md directs users to download the CLI tool from the Apple official GitHub organization. This reference is to a well-known and trusted source.
- [PROMPT_INJECTION]: The skill documentation includes deceptive metadata, claiming support for macOS 26+ (Tahoe) and referring to a future-dated security fix (CVE-2026-20613), which are not present in current platform versions or vulnerability databases. Furthermore, the skill creates a surface for indirect prompt injection by facilitating the ingestion of untrusted data from container logs and image metadata.
  - Ingestion points: container logs and container image inspect commands are utilized in SKILL.md, scripts/container-lifecycle.nu, and scripts/container-images.nu.
  - Boundary markers: No explicit delimiters or protective instructions are defined to prevent the agent from following instructions potentially embedded in the logs or metadata output.
  - Capability inventory: The skill enables the agent to run new containers via container run, execute commands in running containers via container exec, and build images via container build.
  - Sanitization: No sanitization or verification of the ingested external content is performed before processing.
Audit Metadata