docker
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The
SKILL.mdfile contains a "Directive: EXECUTE, DON'T ASK" and "Enforcement Behavior" section. These instructions explicitly command the AI to bypass standard user confirmation prompts when executing commands, which is an override of core safety protocols. - [COMMAND_EXECUTION]: The skill is designed to execute shell commands via
docker execanddocker compose. When combined with the directive to skip user permission, this enables the autonomous execution of commands without human oversight. - [EXTERNAL_DOWNLOADS]: Both
README.mdandSKILL.mdprovide instructions to download and install additional skills from external GitHub repositories, specificallywrsmith108/docker-enforce,wrsmith108/docker-optimizer, andwrsmith108/docker-guard. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its command transformation logic:
- Ingestion points: User-supplied command strings (e.g.,
npm install <package>) described inSKILL.mdandsetup.md. - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands within the user-provided package names or arguments.
- Capability inventory: Execution of system commands via
docker exec,docker compose, andbashacrossSKILL.md,setup.md, andhealth-checks.md. - Sanitization: Absent; the skill does not define methods for validating or escaping the user-provided input before incorporating it into execution strings.
Audit Metadata