PPrometheus MCP 服务器一个简化版的Prometheus MCP服务器，用于收集和暴露MCP服务器的指标

mcp-so:prometheus-mcp-server_qingshanyuluo

View source

100/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 1

Findings (1)

LOW

User-provided URL consumed by agent INDIRECT_005

indirect-injection L21

Detects skills where user-provided URLs are consumed and processed by the agent

access the metrics via the provided URL

FIX

Validate and sanitize user-provided URLs before fetching them. Implement URL allowlisting, block private/internal IP ranges, and treat fetched content as untrusted data.

FP?

Likely FP if the skill is a web browser or URL fetcher where consuming user-provided URLs is the documented core feature with appropriate sandboxing.