victoriametrics-query

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl utility within a Bash environment to communicate with VictoriaMetrics API endpoints. This is the primary function of the skill and aligns with its described purpose of querying metrics.
  • [PROMPT_INJECTION]:
      • Ingestion points: Untrusted data is ingested from external VictoriaMetrics instances via $VM_METRICS_URL during metric and series discovery operations, as seen in SKILL.md.
      • Boundary markers: The skill does not implement explicit boundary markers or instructions to ignore embedded commands within the fetched metric data.
      • Capability inventory: The skill environment provides the Bash tool with curl and jq capabilities, which are used to process and display API responses.
      • Sanitization: Data is parsed using jq, which treats the input as structured JSON. This provides a level of sanitization by ensuring the agent handles the response as data rather than executable instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 07:23 AM