docker-manager

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS

Full Analysis
  • [COMMAND_EXECUTION]: Provides instructions for executing commands as the root user within containers using docker exec -u root, which can be used to bypass container-internal security controls.
  • [COMMAND_EXECUTION]: Includes destructive management commands that can globally affect the host system, such as stopping all running containers, removing all images, or pruning the entire Docker system (docker system prune, docker rm $(docker ps -aq)).
  • [CREDENTIALS_UNSAFE]: The skill facilitates the inspection of container configurations, specifically environment variables (docker inspect -f '{{.Config.Env}}'), which are a common location for storing sensitive secrets like API keys and database credentials.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads and processes untrusted data from external sources that could contain malicious instructions.
      • Ingestion points: docker logs, docker inspect, docker exec output.
      • Boundary markers: None present; the agent treats all output as standard data.
      • Capability inventory: Includes the ability to start, stop, create, and delete containers, networks, and volumes, as well as executing arbitrary code inside containers.
      • Sanitization: No sanitization or filtering of container output or logs is performed before the data is returned to the agent context.
  • [EXTERNAL_DOWNLOADS]: Downloads container images from public registries like Docker Hub using docker pull, which is a standard but external dependency mechanism.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 05:10 AM