prometheus
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several Python scripts (
scripts/prom_query.py,scripts/prom_metadata.py,scripts/prom_health.py) designed to interface with the Prometheus HTTP API. These are local utility scripts provided as part of the skill's core functionality. - [DATA_EXPOSURE]: The skill performs network operations to fetch monitoring data from a Prometheus server. These operations are limited to the API endpoints defined in the documentation and use the URL provided by the user or environment. No access to sensitive system files, credentials, or environment variables was detected.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes data from an external Prometheus API.
- Ingestion points: Data enters the agent's context through JSON responses from Prometheus endpoints (e.g.,
/api/v1/query,/api/v1/targets) processed by the included scripts. - Boundary markers: The script outputs do not use specific delimiters to isolate the monitoring data from the agent's instructions.
- Capability inventory: The skill allows network communication via standard Python libraries and execution of its internal scripts to retrieve metrics.
- Sanitization: API responses are parsed using the standard Python
jsonlibrary, which ensures structured data handling.
Audit Metadata