container-security
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves a legitimate and beneficial security purpose, providing well-structured guidance for auditing infrastructure-as-code files based on recognized security frameworks.
- [PROMPT_INJECTION]: The skill incorporates a robust defense against indirect prompt injection. 1. Ingestion points: It reads untrusted Dockerfiles, manifests, and Helm charts. 2. Boundary markers: It features an explicit 'Prompt Injection Safety Notice' that defines the scope of the assessment. 3. Capability inventory: It uses only restricted, read-only tools like Read, Grep, and Glob. 4. Sanitization: It explicitly instructs the agent to treat manifest content as data and to disregard any embedded instructions or claims of compliance.
- [EXTERNAL_DOWNLOADS]: All external references are linked to authoritative documentation from trusted sources, including the Center for Internet Security (CIS), NIST, and the Kubernetes project. No external packages, scripts, or executables are downloaded.
- [DATA_EXFILTRATION]: The skill uses file system discovery and read tools only. It does not possess tools for network communication, effectively preventing the exfiltration of sensitive data discovered during an audit.
- [COMMAND_EXECUTION]: The skill's operation is restricted to static analysis and pattern matching. It does not execute shell commands, scripts, or binary files.
Audit Metadata