prometheus-monitoring
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions specify the installation of `prometheus-mcp-server` via `pip3` from PyPI. The source code is hosted on an unverified third-party GitHub repository (pab1it0/prometheus-mcp-server), which is not part of the trusted organizations list.
- [COMMAND_EXECUTION]: To function, the skill executes the `prometheus-mcp-server` binary on the host system. It also relies on the availability of `pip3` for the initial setup phase.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes data from external Prometheus endpoints (such as metric names, help text, and labels).
  - Ingestion points: Data enters the agent's context through `list_metrics`, `get_metric_metadata`, `execute_query`, and `get_targets` tools.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the retrieved Prometheus data as untrusted or to ignore embedded instructions.
  - Capability inventory: While the Prometheus tools themselves are read-only, the agent may possess other tools (e.g., file writing, network requests) that could be triggered by malicious strings found in metric labels or metadata.
  - Sanitization: The skill description does not mention any sanitization, filtering, or validation of the content returned by the Prometheus API.
Audit Metadata