Skills
skills/levnikolaevich/claude-code-skills/ln-731-docker-generator/Gen Agent Trust Hub

ln-731-docker-generator

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches shared and reference template files from the author's official GitHub repository if they are not found in the local file system.
  • [CREDENTIALS_UNSAFE]: The docker-compose.yml template contains a default password placeholder (changeme) for the database service, which is a standard pattern for local development templates.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it extracts version numbers and project metadata from local project files (e.g., package.json, *.csproj) and interpolates them into the generated configuration files.
  • Ingestion points: Project metadata files including package.json, *.csproj, and pyproject.toml parsed during the variable substitution phase.
  • Boundary markers: None; variables are substituted directly into the templates without delimiters or 'ignore' instructions.
  • Capability inventory: File write operations for generating Dockerfile, docker-compose.yml, and nginx.conf as described in Phase 4 of the workflow.
  • Sanitization: No explicit validation or sanitization of the strings extracted from project files is mentioned before they are used in file generation.
  • [DATA_EXPOSURE]: The skill proactively mitigates data exposure by providing a .dockerignore template that excludes environment files (.env), private keys (.pem, .key), and secret directories from the Docker build context.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 03:02 PM