prometheus

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill config instructs Prometheus to scrape and ingest metrics from arbitrary external sources (e.g., static_configs targets, file_sd_configs like /etc/prometheus/targets/*.json, Kubernetes annotations/service discovery, DNS/EC2/Consul SD), and those untrusted/user-provided metrics and labels are read and used in queries and alert annotations, so third‑party content would be interpreted at runtime.