querying-mlflow-metrics
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The script
scripts/fetch_metrics.pyutilizesurllib.requestto perform POST requests to a server URL provided via the--serverargument. While this is core to the skill's purpose, it presents a surface for Server-Side Request Forgery (SSRF) if an attacker can manipulate the agent into making requests to internal or unauthorized network endpoints. - [Indirect Prompt Injection] (LOW): The skill ingests data from external tracking servers, which creates a vulnerability to indirect prompt injection.
- Ingestion points: External JSON data is fetched from the MLflow API via
scripts/fetch_metrics.py. - Boundary markers: None. The raw metrics and dimensions are formatted into a table or JSON and returned directly to the agent's context without delimiters.
- Capability inventory: The agent can execute local Python scripts and perform outbound network requests.
- Sanitization: While the script validates metric and dimension names in the request, it does not sanitize the values returned by the server (e.g., a
trace_namestring) which could be crafted to influence the agent's behavior.
Audit Metadata