prom-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill makes authenticated HTTP calls to whatever PROMETHEUS_URL is set (see scripts/prom-query.sh api_get and cmd_alerts/explore/rules), and the docs/tests explicitly reference a public demo Prometheus instance (TESTING.md: https://demo.promlabs.com), so it ingests untrusted/third‑party metrics, alert annotations and metadata which the agent reads and uses to drive triage and follow-up actions per SKILL.md/README — allowing indirect instruction injection via those fields.