fix-orbstack-docker-pull

Fail

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The diagnostic script and instructions read and display the contents of sensitive Docker configuration files.
  • Evidence: The script scripts/diagnose-orbstack-docker-pull.sh executes sed -n '1,160p' ~/.orbstack/config/docker.json and sed -n '1,160p' ~/.docker/config.json.
  • Impact: These files typically contain an auths field with Base64 encoded credentials or access tokens for private Docker registries. Printing the content exposes these secrets directly to the agent's context.
  • [DATA_EXFILTRATION]: The skill performs extensive system enumeration beyond what is necessary for Docker connectivity diagnostics.
  • Evidence: Use of ps aux, lsof -nP -iTCP -sTCP:LISTEN, ifconfig, and netstat -rn in the diagnostic script.
  • Impact: This exposes the complete process list, active network connections, and local network topology of the host system to the agent.
  • [COMMAND_EXECUTION]: The skill executes commands to query and modify system-level network and daemon configurations.
  • Evidence: Commands such as networksetup -getwebproxy, networksetup -getsecurewebproxy, and orb config set network_proxy are used to interact with macOS and OrbStack settings.
  • Impact: While consistent with the stated purpose of fixing proxy issues, these tools allow the agent to alter system-level network paths.
  • [DATA_EXFILTRATION]: The skill documentation includes hardcoded absolute file paths revealing local user environment details.
  • Evidence: SKILL.md references a specific author path: /Users/jiamingfeng/.codex/skills/fix-orbstack-docker-pull/....
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 13, 2026, 06:56 PM
Security Audit — agent-trust-hub — fix-orbstack-docker-pull