Docker Images Eval ================== Status: failed Score: 61/100 Risk: high Decision: do_not_auto_install Policy: block Reason: Permission surface: shell or command execution, filesystem or document access Install: npx skills add arun-gupta/docker-images Required checks: - PASS Task fit: Task wording matches this skill metadata. - PASS Install path: Install handoff is available. - PASS Install command safety: standard package or runtime install path - WARN Trust score: Potentially useful, but at least one trust signal needs human inspection. - WARN Audit score: Needs review - WARN Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation. - WARN License clarity: Unknown - FAIL Permission surface: shell or command execution, filesystem or document access Warnings: - Trust score: Potentially useful, but at least one trust signal needs human inspection. - Audit score: Needs review - Agent safety gate: Sparse or mixed signals. Useful for discovery, but not for autonomous installation. - README/SKILL.md completeness: Public metadata needs stronger README/SKILL.md context - License clarity: Unknown - Recent maintenance: 9mo since push - High-risk permission hints: Shell or command execution - License is unclear - Dependency or permission surface needs review - Permission surface may require sandboxing - Quality score needs review - Documentation summary is thin Validation plan: 1. Inspect repository, README/SKILL.md, license, and recent commits before production use. 2. Install in an isolated workspace or sandbox with no production secrets available. 3. Run the smallest representative task and record files touched, commands run, network access, and outputs. 4. Compare the selected skill against at least one alternative when the eval status is review or failed. 5. Promote only after the agent reports a successful verification result and unresolved warnings are accepted. Do not use when: - teams that need a vendor-supported SLA - high-compliance environments without internal security review - No major risk signals from current metadata - High-risk permission hints: Shell or command execution - License is unclear - Dependency or permission surface needs review - Permission surface may require sandboxing - Quality score needs review URLs: - Skill: https://www.openagentskill.com/skills/arun-gupta-docker-images - Audit: https://www.openagentskill.com/skills/arun-gupta-docker-images/audit - JSON: https://www.openagentskill.com/api/agent/evals?slug=arun-gupta-docker-images