skills/openclaw/skills/uptime-kuma/Gen Agent Trust Hub

uptime-kuma

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests data from an external monitoring server that could be controlled by an adversary.
    ● Ingestion points: Monitor names, heartbeat history, and status summaries retrieved by scripts/kuma.py.
    ● Boundary markers: None present in instructions.
    ● Capability inventory: The agent can add, delete, pause, and resume monitors, providing a significant attack surface if the agent obeys instructions embedded in monitor metadata.
    ● Sanitization: Unverifiable as the script content is missing.
  • COMMAND_EXECUTION (HIGH): The skill defines several commands that execute a local file 'scripts/kuma.py'. Since the source code for this file is not included in the package, the skill's actual behavior on the host system cannot be verified, posing a risk of arbitrary or malicious command execution.
  • CREDENTIALS_UNSAFE (MEDIUM): The skill requires the 'UPTIME_KUMA_PASSWORD' environment variable, which exposes sensitive login credentials to the agent's runtime environment.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the 'uptime-kuma-api' package from PyPI. While this is a standard library for Uptime Kuma, it represents an external dependency that must be trusted.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:44 PM