monte-carlo-prevent
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection attack surface where data from an external API is incorporated into the agent's context.\n
- Ingestion points: The agent ingests external data using the
getQueryData,getAlerts, andgetTabletools as described inreferences/workflows.md.\n - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings when processing data retrieved from the Monte Carlo API.\n
- Capability inventory: The agent possesses the ability to write and edit local files and execute shell commands via the
montecarloCLI tool.\n - Sanitization: There is no description of sanitization, filtering, or validation processes for the data retrieved from external sources.\n- [COMMAND_EXECUTION]: The skill automates the execution of local command-line tools.\n
- Evidence: Workflow 2 in
references/workflows.mdinstructs the agent to run the commandmontecarlo monitors apply --auto-yes.\n - Notes: The inclusion of the
--auto-yesflag allows the command to bypass manual confirmation steps, increasing the agent's autonomy during resource configuration.
Audit Metadata