monitoring
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- Dynamic Execution (MEDIUM): The skill uses relative path dynamic imports (../../../infra/index, ../../../monitoring/metrics, ../../../monitoring/alerts) in index.ts to load and execute code from the host environment outside the skill's root directory. This couples the skill to the host's file system and allows execution of code not reviewed within the skill itself.
- Data Exposure & Exfiltration (LOW): Commands like /monitor status and /monitor metrics disclose host details (Node.js version, platform, CPU model, memory usage), which can be used for system reconnaissance.
- Indirect Prompt Injection (LOW): The skill processes untrusted error and alert data from the host.
  1. Ingestion points: alertManager.getHistory in index.ts.
  2. Boundary markers: Absent.
  3. Capability inventory: Host system monitoring and log access.
  4. Sanitization: None.