prometheus-monitoring

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to connect to an arbitrary Prometheus endpoint (PROMETHEUS_URL) and to call tools like list_metrics, get_metric_metadata, execute_query and get_targets, which ingest metric names, help text, labels and scrape target data from those external servers (e.g., prom.example.com or Grafana Cloud) — content that can be user-controlled/untrusted and can influence subsequent queries and actions.