prometheus-api
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill is designed to query and retrieve monitoring data from Prometheus. While this is its primary purpose, it creates a surface for exfiltrating sensitive infrastructure metrics, configuration (via `/api/v1/status/config`), and target metadata if used by an unauthorized or malicious agent.
- [COMMAND_EXECUTION] (SAFE): The provided Python scripts (`prom_health.py`, `prom_query.py`) use standard `urllib.request` for API interactions and `argparse` for CLI management. No dangerous subprocess spawning or dynamic code execution was detected.
- [ADMIN_CAPABILITY] (MEDIUM): The skill documentation and API reference include administrative endpoints (`/api/v1/admin/tsdb/*`) which allow for data deletion and snapshot creation. While these require the `--web.enable-admin-api` flag on the server, the inclusion of these capabilities in a skill increases the risk of accidental or malicious data loss if the agent is given a highly privileged Prometheus URL.
Audit Metadata