jbvc/prometheus-configuration
Set up Prometheus for comprehensive metric collection, storage, and monitoring of infrastructure and applications. Use when implementing metrics collection, setting up monitoring infrastructure, or configuring alerting systems.
67
67%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
2 findings — 2 medium severity. This skill can be installed but you should review these findings before use.
W012: Unverifiable external dependency detected (runtime URL that controls agent)
What this means
The skill fetches instructions or code from an external URL at runtime, and the fetched content directly controls the agent’s prompts or executes code. This dynamic dependency allows the external source to modify the agent’s behavior without any changes to the skill itself.
Why it was flagged
Potentially malicious external URL detected (high risk: 0.70). The helm repository URL https://prometheus-community.github.io/helm-charts (used in the provided helm install command) — and likewise the referenced Docker image prom/prometheus:latest — are fetched at runtime and will deploy/execute remote manifests/code in your environment, so they are runtime external dependencies that can execute remote code.
W013: Attempt to modify system services in skill instructions
What this means
The skill prompts the agent to compromise the security or integrity of the user’s machine by modifying system-level services or configurations, such as obtaining elevated privileges, altering startup scripts, or changing system-wide settings.
Why it was flagged
Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs creating and modifying configuration and rule files under privileged paths (e.g. /etc/prometheus/*), mounts volumes and runs Helm installs which alter system or cluster state—actions that typically require sudo or elevated privileges and therefore push the agent toward modifying the machine's state.
- Audited
- Security analysis