containers-internals
Warn
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing administrative commands such as nsenter, unshare, and mount. These tools are used to manipulate process namespaces and filesystem structures.
- [COMMAND_EXECUTION]: Includes instructions for executing the runc container runtime using sudo, which provides the process with root-level access to the host system.
- [EXTERNAL_DOWNLOADS]: References the official Docker/Moby default seccomp profile from the project's GitHub repository. This is an informative reference to a well-known service.
- [DATA_EXPOSURE]: The workflow involves reading system-level information from sensitive paths including /proc and /sys/fs/cgroup.
- [PROMPT_INJECTION]: The skill implements an attack surface for indirect prompt injection by processing untrusted user queries while possessing high-privilege capabilities.
- Ingestion points: User queries about namespaces, cgroups, and container isolation processed via SKILL.md.
- Boundary markers: None provided.
- Capability inventory: Command execution capabilities including sudo, mount, and nsenter across system management workflows.
- Sanitization: No evidence of input validation or escaping for dynamic values like process IDs or mount paths.
Audit Metadata