fix-orbstack-docker-pull
Fail
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The diagnostic script and instructions read and display the contents of sensitive Docker configuration files.
- Evidence: The script
scripts/diagnose-orbstack-docker-pull.shexecutessed -n '1,160p' ~/.orbstack/config/docker.jsonandsed -n '1,160p' ~/.docker/config.json. - Impact: These files typically contain an
authsfield with Base64 encoded credentials or access tokens for private Docker registries. Printing the content exposes these secrets directly to the agent's context. - [DATA_EXFILTRATION]: The skill performs extensive system enumeration beyond what is necessary for Docker connectivity diagnostics.
- Evidence: Use of
ps aux,lsof -nP -iTCP -sTCP:LISTEN,ifconfig, andnetstat -rnin the diagnostic script. - Impact: This exposes the complete process list, active network connections, and local network topology of the host system to the agent.
- [COMMAND_EXECUTION]: The skill executes commands to query and modify system-level network and daemon configurations.
- Evidence: Commands such as
networksetup -getwebproxy,networksetup -getsecurewebproxy, andorb config set network_proxyare used to interact with macOS and OrbStack settings. - Impact: While consistent with the stated purpose of fixing proxy issues, these tools allow the agent to alter system-level network paths.
- [DATA_EXFILTRATION]: The skill documentation includes hardcoded absolute file paths revealing local user environment details.
- Evidence:
SKILL.mdreferences a specific author path:/Users/jiamingfeng/.codex/skills/fix-orbstack-docker-pull/....
Recommendations
- AI detected serious security threats
Audit Metadata