prometheus-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (e.g., scripts/prom_query.py, scripts/prom_metadata.py, scripts/prom_health.py) fetch and parse data from a user-supplied Prometheus base_url (calling endpoints like /api/v1/alerts, /api/v1/rules, /api/v1/targets), meaning the agent will ingest and display arbitrary/untrusted third‑party content (alert annotations, rule text, target errors, labels) from external Prometheus instances.