uptime-kuma

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to create and run temporary scripts. It involves copying a template file (scripts/socketio-client.mjs) to a temporary location, injecting specific commands, and executing it using the bun runtime.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the socket.io-client Node.js package, which is required for Socket.IO communication.
  • [PROMPT_INJECTION]: The skill processes data from a remote Uptime Kuma instance, creating an indirect prompt injection surface.
      • Ingestion points: Retrieves monitor names, URLs, and status messages from the Prometheus /metrics endpoint and Socket.IO monitorList events.
      • Boundary markers: No delimiters or specific instructions are provided to the agent to treat this external data as untrusted.
      • Capability inventory: The skill utilizes curl, jq, and the bun runtime to perform its functions.
      • Sanitization: There is no evidence of sanitization or validation performed on the retrieved monitor data before it is presented to the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 20, 2026, 11:04 AM