testcontainers-guide-migrator
Migrate a Testcontainers guide from testcontainers.com into the Docker docs site (docs.docker.com). Converts AsciiDoc to Hugo Markdown, updates code to the latest Testcontainers API, splits into chapters with stepper navigation, verifies code compiles and tests pass, and validates against Docker docs style rules. Use when asked to migrate a testcontainers guide, add a TC guide, or port content from testcontainers.com to Docker docs.
90
88%
Does it follow best practices?
Impact
—
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
3 findings — 3 medium severity. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning and reading public GitHub repos for testcontainers guides (git clone https://github.com/testcontainers/{REPO_NAME}.git in Step 1 and references to testcontainers.com/guides), and those repository files are parsed, converted, and used to drive code updates, compilation, and test-running—so untrusted third-party content is ingested and can materially influence the agent's actions.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git clone --depth 1 https://github.com/testcontainers/{REPO_NAME}.git at runtime to fetch repository source which is then compiled and executed (tests run inside containers), so remote code is fetched and executed as a required dependency.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill instructs the agent to clone repos, create files, and run Docker containers that mount the host Docker socket (and run build/test commands), which can modify host state and grant powerful control over the machine via the Docker daemon, so it poses a moderate risk.
- Repository
- docker/docs
- Commit
c0aa985
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.