docker-compose-generator

Generate multi-service Docker Compose files with common stacks (app + DB + Redis + Nginx), volumes, networks, healthchecks, depends_on, environment variables, and profiles.

Quality

73%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Securityby

Risky

Do not use without reviewing

Optimize this skill with Tessl

npx tessl skill review --optimize ./infrastructure/docker-compose-generator/SKILL.md

1 high severity finding. You should review these findings carefully before considering using this skill.

High

W007: Insecure credential handling detected in skill instructions

What this means

The skill handles credentials insecurely by requiring the agent to include secret values verbatim in its generated output. This exposes credentials in the agent’s context and conversation history, creating a risk of data exfiltration.

Why it was flagged

Insecure credential handling detected (high risk: 0.80). The prompt contains hardcoded plaintext credential defaults and fallback values (e.g., POSTGRES_PASSWORD:-secret, MYSQL_ROOT_PASSWORD:-rootsecret, .env.example entries) so a generator would output secret values verbatim even though it advises using env files, creating an exfiltration risk.

Report incorrect finding

Repository: achreftlili/deep-dev-skills
Commit: 181fcbc

Audited: about 1 month ago
Security analysis

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.