Trust Assessment
prometheus-configuration received a trust score of 93/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. The key finding is "Unpinned Docker image tag in example configuration".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 11, 2026 (commit 5d65aa10). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Details | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| MEDIUM | Unpinned Docker image tag in example configuration | The Docker Compose example uses the `prom/prometheus:latest` image tag. Relying on the `:latest` tag can lead to non-reproducible deployments and unexpected behavior, as the image it points to can change at any time. This introduces a supply chain risk where new vulnerabilities or breaking changes could be introduced without explicit version control. It is best practice to pin Docker images to a specific, immutable version tag. | Replace `prom/prometheus:latest` with a specific version tag (e.g., `prom/prometheus:v2.47.0`) to ensure reproducible deployments and better control over dependencies. Advise users to regularly update to newer stable versions. | Static | SKILL.md:50 |
Full report: https://skillshield.io/report/7a7d84df7ee1bebb
Powered by SkillShield