The Agent Skills Directory

[PROMPT_INJECTION] (LOW): Detected a potential indirect prompt injection surface (Category 8) where untrusted data from a Prometheus server is ingested by the agent. An attacker could potentially influence the agent's behavior by crafting malicious metric labels or alert annotations that the agent then processes as part of a health check.
Ingestion points: scripts/prometheus-health-check.sh (lines 33, 44, 53, 62) reads metric labels and alert annotations from various Prometheus API endpoints.
Boundary markers: Absent; the script outputs raw text results without delimiters or instructions for the agent to ignore embedded commands.
Capability inventory: The skill contains scripts (scripts/backup-grafana.sh, scripts/prometheus-health-check.sh) that use curl for network access and handle authentication credentials.
Sanitization: Absent; the data is extracted via jq and printed directly without filtering for instructional keywords.
[DATA_EXPOSURE] (SAFE): The assets/prometheus-config.yaml file references standard Kubernetes service account token paths (/var/run/secrets/kubernetes.io/serviceaccount/token). This is the expected and documented configuration for Kubernetes monitoring and does not indicate a security violation.
[COMMAND_EXECUTION] (SAFE): Bash scripts use standard tools such as curl and jq for legitimate administrative tasks. No evidence of unauthorized command injection or suspicious subprocess spawning was found.

prometheus-grafana