docker-escape
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill provides functional payloads for reverse shells and instructions for downloading and executing external scripts. It also employs runtime compilation to execute exploit code. Furthermore, it is vulnerable to indirect prompt injection when processing untrusted data from the Docker API (e.g., images/json), which is piped directly to a Python interpreter without sanitization or boundary markers. Automated scanners identified an infected file (references/escape-methods.md) containing exploit signatures.
- [COMMAND_EXECUTION]: Extensive use of shell commands for container environment enumeration and exploitation of misconfigurations, such as mounting the Docker socket or running in privileged mode, to achieve host-level root access.
- [EXTERNAL_DOWNLOADS]: Recommends fetching third-party security and exploitation tools, such as CDK and deepce, from public GitHub repositories.
- [DATA_EXFILTRATION]: Provides specific methods and instructions for exfiltrating high-value files, including shadow files, SSH keys, and cloud credentials, from the host system following a successful container escape.
Recommendations
- HIGH: Downloads and executes remote code from: http://localhost/images/json - DO NOT USE without thorough review
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- AI detected serious security threats
Audit Metadata