setup-prometheus-monitoring
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads and installs a Prometheus binary at runtime using wget https://github.com/prometheus/prometheus/releases/download/v2.48.0/prometheus-2.48.0.linux-amd64.tar.gz, which fetches and installs executable remote code that the skill relies on.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs creating and modifying system-level files (under /etc and /var), copying binaries with sudo, changing ownership, and enabling/starting systemd services via sudo—i.e., it directs privileged modifications to the host system.