Security Audit
prometheus-configuration
github.com/sickn33/antigravity-awesome-skillsTrust Assessment
prometheus-configuration received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 0 medium, and 2 low severity. Key findings include Unpinned Docker image tag, Unpinned Helm chart version.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 20, 2026 (commit e36d6fd3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| LOW | Unpinned Docker image tag The Docker Compose configuration uses the ':latest' tag for the 'prom/prometheus' image. Using ':latest' can lead to unpredictable deployments, as the image content can change without warning, potentially introducing breaking changes or security vulnerabilities. It is recommended to pin to a specific, stable version. Replace 'prom/prometheus:latest' with a specific, stable version tag (e.g., 'prom/prometheus:v2.47.0'). | LLM | SKILL.md:59 | |
| LOW | Unpinned Helm chart version The Helm installation command does not specify a chart version. This means it will always install the latest available version of the 'kube-prometheus-stack' chart, which can lead to unexpected changes in behavior or configuration, and potentially introduce vulnerabilities or breaking changes. It is recommended to pin to a specific chart version. Add the '--version <chart-version>' flag to the 'helm install' command (e.g., 'helm install prometheus prometheus-community/kube-prometheus-stack --version 49.0.0'). | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/032f52e9cd8b9c7b)
Powered by SkillShield