The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface where the agent processes untrusted data from external monitoring sources and possesses capabilities to modify the environment.
Ingestion points: The skill ingests untrusted data through tools like query_loki (which retrieves arbitrary log lines) and get_dashboard_by_uid (which retrieves dashboard JSON structures) as defined in references/mcp-tools-guide.md.
Boundary markers: There are no explicit instructions or boundary markers defined in the skill to instruct the agent to ignore embedded instructions within logs or dashboard metadata.
Capability inventory: The skill includes several write-capable tools across its reference files, including update_dashboard, patch_dashboard, create_incident, add_incident_activity, and create_annotation.
Sanitization: No sanitization or filtering logic for external content is present in the provided scripts (scripts/promql_lint.py or scripts/validate_dashboard.py), which focus on syntax and structural validation rather than security filtering.
[SAFE]: The skill contains specific infrastructure details, including an IP address (129.159.149.15) and domains (guydvorkin.com, exportarena.com, etc.). These are documented as vendor resources belonging to the author and do not include sensitive credentials, secrets, or unauthorized data exposure.

grafana-monitoring