docker-impl-compose-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs using remote/third-party compose files (see "Remote Compose Files" and "Include" sections with examples like -f https://github.com/... , -f oci://registry..., and include: oci://docker.io/user/app:latest), which causes the agent to fetch and interpret untrusted public repository/registry content that can materially change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes explicit runtime commands that fetch and execute remote compose definitions (e.g., "docker compose -f https://github.com/myorg/infra.git up" and "docker compose -f oci://registry.example.com/myapp:latest up"), which would load external content at runtime that directly controls what is executed in containers.