This skill generates Containerfiles but introduces supply chain vulnerabilities
Claims to do
Generate - Containerfile Generation: `ov generate` reads `images.yml` and `layers/`, resolves dependency graphs, and writes Containerfiles to `.build/`. Generation is idempotent and `.build/` is disposable (gitignored). Understanding the generated output is essential for debugging build issues.
Actually does
`ov generate` reads `images.yml` and `layers/` to resolve dependency graphs and write multi-stage Containerfiles, supervisor configs, and Traefik routes to the `.build/` directory. It uses builder images (e.g., `ghcr.io/overthinkos/fedora-builder`, `ghcr.io/overthinkos/archlinux-builder`) for build stages (pixi, npm, AUR), embeds OCI labels, resolves user configurations, and sets up cache mounts. It also uses `go-containerregistry` to inspect base images for user information.
Shell command execution function detected
rm -rf /
The skill describes sourcing build configuration templates (`distro.yml`, `builder.yml`) from remote GitHub repositories, which introduces a supply chain risk: the template content shapes the generated Containerfile, so whoever controls the remote repository (or can move the referenced branch or tag) controls what ends up in `RUN` instructions that execute at build time, with no review step in between. Only a reference pinned to an immutable commit limits this to the content that was actually reviewed.
Referenced via `format_config:` in `images.yml` — supports local paths and remote `@github.com/org/repo/path:version` refs.
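A practical pre-build check for the remote-reference risk above, as an added example (not code from the `ov` tool or the overthink-plugins project): it pulls every `format_config:` value out of a minimal `images.yml`, splits remote refs using the `@github.com/org/repo/path:version` shape the page documents, and fails any remote ref whose version is not a full 40-hex commit SHA. The sample `images.yml` is constructed for the example, the indentation-based extraction is a simplification of real YAML parsing, and whether `ov` accepts a commit SHA in the `:version` position is an assumption.

```python
import re

# Constructed sample images.yml fragment (not from the project). Remote refs follow
# the documented shape @github.com/org/repo/path:version; org and repo are made up.
SAMPLE_IMAGES_YML = """\
images:
  dev:
    format_config: ./config/distro.yml
  fedora:
    format_config: "@github.com/example-org/templates/distro.yml:main"
  arch:
    format_config: '@github.com/example-org/templates/builder.yml:v1.2.0'
  pinned:
    format_config: "@github.com/example-org/templates/builder.yml:3f2a9c7d1e4b6a8c0d9e2f1a3b5c7d9e0f1a2b3c"
"""

REMOTE_REF = re.compile(
    r"^@github\.com/(?P<org>[^/]+)/(?P<repo>[^/]+)/(?P<path>[^:]+):(?P<version>\S+)$"
)
# Assumption: a full commit SHA is the only immutable ref; branches and tags can move.
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def extract_format_configs(text):
    """Return [(image_name, format_config_value)] from a two-space-indented images.yml.

    Deliberately minimal: tracks the current image key (2-space indent) and picks up
    the format_config line beneath it. Use a YAML parser for real files.
    """
    out = []
    current = None
    for line in text.splitlines():
        key = re.match(r"^  (\S+):\s*$", line)
        if key:
            current = key.group(1)
            continue
        fc = re.match(r"^\s+format_config:\s*(.+?)\s*$", line)
        if fc and current:
            out.append((current, fc.group(1).strip("\"'")))
    return out


def classify_ref(value):
    """local | pinned | unpinned | malformed for one format_config value."""
    if not value.startswith("@"):
        return "local"
    m = REMOTE_REF.match(value)
    if not m:
        return "malformed"
    return "pinned" if FULL_SHA.match(m.group("version")) else "unpinned"


def audit(text):
    """Map image name -> classification of its format_config reference."""
    return {name: classify_ref(value) for name, value in extract_format_configs(text)}


def failures(text):
    """Image names whose remote template reference is mutable or unparseable."""
    return sorted(name for name, cls in audit(text).items() if cls in ("unpinned", "malformed"))


if __name__ == "__main__":
    for name, cls in audit(SAMPLE_IMAGES_YML).items():
        print(f"{name}: {cls}")
    bad = failures(SAMPLE_IMAGES_YML)
    raise SystemExit(f"unpinned remote templates: {bad}" if bad else 0)
```

Run it in CI before `ov generate`; a non-zero exit blocks builds whose templates could change underneath them. Pinning only covers the first hop: a pinned template can still reference further remote content, so review the fetched template itself, not just the ref.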
The AUR build stage explicitly configures passwordless sudo for a builder user inside the generated Containerfile. The usual reason is that `makepkg` refuses to run as root, so AUR builders run as an unprivileged user and use sudo to install dependencies; the effect is that anything executed as that user during the build, including scripts from a PKGBUILD fetched from the AUR, can become root in the build container. In a multi-stage build the `/etc/sudoers.d/builder` file does not reach the final image unless that stage's filesystem is copied forward, but the build-time exposure remains whenever the build environment is reachable by untrusted package sources.
`RUN echo 'user ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/builder`
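A stage-aware scan for the passwordless-sudo pattern above, as an added example (not part of the `ov` tool or the project): it splits a generated Containerfile into stages, records which stages the final stage copies from, and reports every `NOPASSWD` line as `final` (it lands in the shipped image), `copied` (the final stage copies `/`, `/etc` or a sudoers path from that stage), or `builder-only` (build-time exposure only). The sample Containerfile is constructed to resemble the quoted AUR stage; the stage names and images are illustrative, and the parser is line-based (no `\` continuations or `FROM --platform` flags).

```python
import re

# Constructed multi-stage Containerfile modelled on the AUR builder stage quoted
# above; not output of `ov generate`. Stage names and base images are illustrative.
SAMPLE_CONTAINERFILE = """\
FROM ghcr.io/overthinkos/archlinux-builder AS aur
RUN useradd -m builder
RUN echo 'builder ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/builder
USER builder
RUN makepkg -s --noconfirm

FROM docker.io/library/archlinux:latest AS final
COPY --from=aur /home/builder/*.pkg.tar.zst /tmp/
RUN pacman -U --noconfirm /tmp/*.pkg.tar.zst
"""

NOPASSWD = re.compile(r"NOPASSWD")
FROM_LINE = re.compile(r"^FROM\s+(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
COPY_FROM = re.compile(r"^COPY\s+--from=(\S+)\s+(\S+)", re.IGNORECASE)


def split_stages(text):
    """Return stages in order as {name, base, lines}; the last one is the final image.

    Unnamed stages get their index as name, matching how --from=N refers to them.
    """
    stages = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = FROM_LINE.match(line)
        if m:
            stages.append({"base": m.group(1), "name": m.group(2) or str(len(stages)), "lines": []})
        elif stages:
            stages[-1]["lines"].append(line)
    return stages


def _sudoers_copied(sources):
    """True if any COPY --from source would carry /etc/sudoers.d into the final stage."""
    return any(src in ("/", "/etc", "/etc/") or src.startswith("/etc/sudoers") for src in sources)


def find_nopasswd(text):
    """Return [(stage_name, severity, line)] for every NOPASSWD line in the Containerfile.

    severity: 'final' if the line is in the last stage, 'copied' if the final stage
    copies the relevant paths from that stage, otherwise 'builder-only'.
    """
    stages = split_stages(text)
    if not stages:
        return []
    final = stages[-1]
    copied_from = {}
    for line in final["lines"]:
        m = COPY_FROM.match(line)
        if m:
            copied_from.setdefault(m.group(1), []).append(m.group(2))
    findings = []
    for stage in stages:
        for line in stage["lines"]:
            if not NOPASSWD.search(line):
                continue
            if stage is final:
                severity = "final"
            elif _sudoers_copied(copied_from.get(stage["name"], [])):
                severity = "copied"
            else:
                severity = "builder-only"
            findings.append((stage["name"], severity, line))
    return findings


if __name__ == "__main__":
    for stage, severity, line in find_nopasswd(SAMPLE_CONTAINERFILE):
        print(f"[{severity}] stage {stage}: {line}")
```

Point it at every Containerfile under `.build/` after `ov generate`. A `final` or `copied` hit means the shipped image contains an unrestricted sudo rule; a `builder-only` hit is still worth reviewing, since the build stage runs PKGBUILD code from the AUR with a path to root, so that stage should run without mounted secrets and with the cache mounts it needs and nothing more.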
The skill states that security configurations and environment variable injections are 'runtime-only' and do not appear in generated Containerfiles. An agent or reviewer that analyzes only the `.build/` output therefore sees an incomplete picture of the image's actual security posture: the capabilities, mounts and injected variables the container runs with are decided by `images.yml` and the generated run arguments, and must be reviewed there.
Security configuration (...) and environment variable injection (...) are **runtime-only** features. They affect container run arguments (...) but do not appear in generated Containerfiles.
Source: Mondoo Skill Check for `github/overthinkos/overthink-plugins/generate`, https://mondoo.com/ai-agent-security/skills/github/overthinkos/overthink-plugins/generate