containers-internals

Warn

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for executing administrative commands such as nsenter, unshare, and mount. These tools are used to manipulate process namespaces and filesystem structures.
  • [COMMAND_EXECUTION]: Includes instructions for executing the runc container runtime using sudo, which provides the process with root-level access to the host system.
  • [EXTERNAL_DOWNLOADS]: References the official Docker/Moby default seccomp profile from the project's GitHub repository. This is an informative reference to a well-known service.
  • [DATA_EXPOSURE]: The workflow involves reading system-level information from sensitive paths including /proc and /sys/fs/cgroup.
  • [PROMPT_INJECTION]: The skill implements an attack surface for indirect prompt injection by processing untrusted user queries while possessing high-privilege capabilities.
  • Ingestion points: User queries about namespaces, cgroups, and container isolation processed via SKILL.md.
  • Boundary markers: None provided.
  • Capability inventory: Command execution capabilities including sudo, mount, and nsenter across system management workflows.
  • Sanitization: No evidence of input validation or escaping for dynamic values like process IDs or mount paths.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 12:05 PM