docker-init
Pass
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands like
catandgrepto analyze local project manifests for service detection. This functionality is restricted to local file scanning.\n- [DATA_EXFILTRATION]: The workflow involves scanning project files and environment examples for sensitive connection string patterns (e.g.,DATABASE_URL). While there is no network exfiltration mechanism, this involves reading sensitive data patterns to inform configuration generation.\n- [PROMPT_INJECTION]: The skill ingests data from local manifest files which could potentially contain malicious instructions intended to influence the agent. This represents an indirect prompt injection surface.\n - Ingestion points: Project manifests (package.json, requirements.txt, etc.) and source files.\n
- Boundary markers: Absent; the skill does not wrap ingested content in safety delimiters.\n
- Capability inventory: Read, Write, Edit, Grep, Glob, Bash(docker *).\n
- Sanitization: Uses specific keyword filtering via grep to limit the data being processed.
Audit Metadata