Trust Assessment
prometheus received a trust score of 75/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 1 high, 2 medium, and 0 low severity. Key findings include Potential Command Injection via Helm Installation, Unpinned Helm Chart in Installation Command, Potential Command Injection via Prometheus Reload Endpoint.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Potential Command Injection via Helm Installation: The skill package contains a `helm install` command that, if executed by an AI agent, could lead to the deployment of software on a Kubernetes cluster. This command requires significant permissions and represents a direct system modification capability. If the agent's execution environment is compromised or the skill is misused, this could lead to unauthorized resource consumption, data exposure, or denial of service. If the AI agent is intended to execute such commands, ensure robust sandboxing and explicit user confirmation for critical operations. If this is purely documentation, clarify that these are examples and not executable by the agent without explicit user intent and authorization. | LLM | SKILL.md:40 |
| MEDIUM | Unpinned Helm Chart in Installation Command: The `helm install` command uses a community Helm chart (`prometheus-community/kube-prometheus-stack`) without specifying a version. This introduces a supply chain risk, as future executions could pull different versions of the chart, potentially introducing vulnerabilities, breaking changes, or malicious code if the upstream repository is compromised. It's a best practice to pin dependencies to specific versions. Pin the Helm chart to a specific, known-good version (e.g., `--version 45.0.0`) to ensure deterministic deployments and mitigate supply chain risks. Regularly review and update pinned versions. | LLM | SKILL.md:40 |
| MEDIUM | Potential Command Injection via Prometheus Reload Endpoint: The skill package includes a `curl` command to reload the Prometheus configuration (`curl -X POST http://localhost:9090/-/reload`). If an AI agent is capable of executing shell commands, this could be used to trigger a configuration reload on a running Prometheus instance. While this specific command targets `localhost`, if the agent operates in an environment where it can reach a Prometheus instance, it could be used to apply a compromised configuration or disrupt service. If the AI agent is intended to execute such commands, ensure strict access controls and user confirmation for actions that modify running services. If this is purely documentation, clarify its informational nature. | LLM | SKILL.md:249 |