apple-container

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of the container CLI for container management. Certain system-level tasks, such as configuring local DNS domains for containers using container system dns, require sudo because they modify the host's /etc/resolver configuration and restart mDNSResponder. This is standard and necessary behavior for the stated purpose of name-based container access.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading the container tool and guest Linux kernels from reputable sources. This includes downloading the signed .pkg installer from the apple/container repository on GitHub and kernels from the Kata Containers project. These sources are recognized as trusted or well-known services and are used appropriately for system setup.
  • [REMOTE_CODE_EXECUTION]: By design, the skill provides instructions for building and running OCI/Linux containers, which involves executing code contained within container images. The tool implements strong isolation by running each container within its own dedicated lightweight Linux VM, leveraging Apple's Virtualization and Containerization frameworks to mitigate the risk of container escape or host compromise.
  • [REMOTE_CODE_EXECUTION]: The CLI includes a plugin passthrough mechanism that executes binaries named container-<plugin-name> from specific local directories (e.g., /usr/local/libexec/container/plugins/). This is a standard extensibility feature for CLI tools and relies on the integrity of the local filesystem.
  • [DATA_EXFILTRATION]: Registry authentication is handled securely by storing credentials in the macOS Keychain, adhering to platform best practices. Network operations are limited to image management (pull/push) and communication with OCI registries, with configurable schemes for internal or insecure registries.
  • [PROMPT_INJECTION]: The instructions focus on technical documentation and do not contain override markers, safety bypass attempts, or other prompt injection patterns.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 12:03 AM
Security Audit — agent-trust-hub — apple-container