docker-scout-scanner

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to detect and report hardcoded secrets (e.g., ARG DB_PASSWORD=hunter2) and the examples show including those secret values verbatim in findings, which requires the LLM to output secret values directly.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.75). Two of the URLs are direct downloads (.tar.gz and .sh) from an untrusted/generic domain (example.com) which is high-risk to fetch-and-execute, while the raw.githubusercontent.com link points to the official Docker org (lower risk), so the combined set should be treated as moderately-high risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's mandatory workflow (step 3) instructs the agent to run "docker scout cves " and "docker scout recommendations " to ingest JSON CVE and image-metadata from external image registries/CVE feeds (e.g., Docker Hub/NVD) and to parse those results into findings and remediation decisions, which means it reads untrusted third‑party content that can materially influence actions.