
Config files : Remote data from untrusted source

Classification

CWE/SANS Top 25 2011

Overview

Some Dockerfile instructions fetch scripts from remote sources and execute them during the build, which is a potentially dangerous practice.

For example, curl can be used to download a shell script from the internet and pipe it directly into the shell for execution.
Because the content of the script is executed without review, it could contain malicious code that harms your system or compromises your data.

The ADD instruction in a Dockerfile can be used to copy files or directories from remote URLs into the container. If the remote URL is compromised or controlled by an attacker, they can change the content of the file being downloaded, which can then lead to the execution of malicious code inside the container.
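The two patterns described above (a download piped into a shell, and ADD from a remote URL) can be checked mechanically. The following is an added example, not DerScanner's rule or code from this page: a small Python check over a constructed Dockerfile. The function names, rule names, sample URLs and the choice to accept an ADD that carries a `--checksum=` digest are assumptions of the example.

```python
import re

# Constructed sample Dockerfile; URLs and digest are placeholders, not from the page.
SAMPLE = """\
FROM debian:bookworm-slim
RUN apt-get update && \\
    curl -fsSL https://example.com/install.sh | sh
ADD https://example.com/tool.tar.gz /opt/tool.tar.gz
ADD --checksum=sha256:<expected-digest> https://example.com/pinned.tar.gz /opt/
COPY ./vendor/install.sh /tmp/install.sh
RUN sh /tmp/install.sh
"""

URL = r"(?:https?|ftp)://\S+"
# curl/wget fetching a URL with the output piped straight into a shell
PIPE_TO_SHELL = re.compile(
    r"\b(?:curl|wget)\b[^|;&]*" + URL + r"[^|;&]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b", re.I)
# ADD instruction whose source is a remote URL
REMOTE_ADD = re.compile(r"ADD\s+.*" + URL, re.I)


def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments never form an instruction
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def scan(text):
    """Return (line_number, rule) findings for the two patterns described above."""
    findings = []
    for n, instr in logical_lines(text):
        if re.match(r"RUN\b", instr, re.I) and PIPE_TO_SHELL.search(instr):
            findings.append((n, "remote-script-piped-to-shell"))
        elif REMOTE_ADD.match(instr) and "--checksum=" not in instr:
            # Assumption of this example: a pinned digest makes a remote ADD acceptable
            findings.append((n, "remote-add-without-checksum"))
    return findings
```

Calling `scan(SAMPLE)` reports lines 2 and 4; the checksum-pinned ADD and the script copied from the build context are not flagged.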

DerScanner Severity Score: MEDIUM


See also

Config files : Text4Shell Vulnerability
Config files : Incorrect directory deletion
Config files : Code injection