uptime-kuma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches Prometheus metrics ("$BASE_URL/metrics") and receives a pushed "monitorList" via Socket.IO from the configured Uptime Kuma base_url (skills/uptime-kuma/config.json), and those endpoints deliver user-provided monitor names/URLs/keywords that the agent is expected to read and act on (e.g., prioritizing DOWN monitors, creating/editing monitors), so untrusted third-party content can materially influence actions and enable indirect prompt injection.