docker-errors-build

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands for the agent to use when debugging Docker builds, including docker build, docker history, docker system df, and docker builder prune (SKILL.md). It also suggests using commands like ssh-add and docker login to resolve build-time authentication issues (diagnostics.md, examples.md).
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to ingest and analyze external data during the debugging process.
    • Ingestion points: Processes user-provided Dockerfiles, .dockerignore files, and Docker build logs as part of the diagnostic workflow (SKILL.md, diagnostics.md).
    • Boundary markers: Absent; the skill does not specify explicit delimiters or instructions for the agent to ignore embedded commands within the logs or files being analyzed.
    • Capability inventory: Includes subprocess execution of Docker CLI tools and file system operations like cat and ls (SKILL.md, diagnostics.md).
    • Sanitization: None; there are no instructions for validating or sanitizing the external content before the agent processes it.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:48 AM