dockerfile-generation

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE, COMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill implements strong security principles for Dockerfile generation, including the use of non-root users (UID 10001+), mandatory version pinning for base images (no :latest), and multi-stage builds to ensure a minimal runtime attack surface.
  • [SAFE]: Explicit input sanitization rules are defined for base image names, port numbers, and file paths to prevent common shell injection and path traversal attacks during the generation phase.
  • [COMMAND_EXECUTION]: The skill uses docker build and docker run to verify that the generated containers function as intended. This process includes running the container and capturing the first 50 lines of logs for debugging.
  • [COMMAND_EXECUTION]: Includes utility shell scripts (dockerfile-lint.sh, image-size-report.sh) that interface with the docker CLI and hadolint to provide automated linting and image size analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 12:44 AM