monte-carlo-safe-change
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses directive language ("Do not wait to be asked", "STOP", "REQUIRED") to enforce specific data safety workflows. While authoritative, these instructions are used to implement guardrails against accidental data outages and do not attempt to bypass core AI safety guidelines.- [EXTERNAL_DOWNLOADS]: The skill recommends installing official vendor packages (
montecarlodatavia pip andmcp-remotevia npx) and configures a remote MCP server from a vendor-controlled endpoint:https://integrations.getmontecarlo.com/mcp.- [COMMAND_EXECUTION]: The skill instructions direct the user to execute themontecarloCLI tool to apply monitor configurations as part of its legitimate workflow.- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing external data from Monte Carlo. - Ingestion points: Data is fetched via
getAlerts(alert titles/details),getQueriesForTable(query metadata),getQueryData(raw SQL text), andgetTable(metadata) as seen inreferences/workflows.md. - Boundary markers: Absent. External content is interpolated directly into prompts and reports without delimiters.
- Capability inventory: The skill possesses network access via MCP tools and file-write capabilities for YAML and SQL validation files.
- Sanitization: No sanitization or validation of the content retrieved from the external API is specified before it is used in the agent's context.
Audit Metadata