observability-dashboard-creator

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill relies on executing local shell scripts (scripts/import-all-dashboards.sh, scripts/export-dashboards.sh, scripts/create-folder.sh) to perform its core functions. This behavior assumes the underlying scripts are secure and handled by a trusted environment.
  • [COMMAND_EXECUTION] (MEDIUM): The create-custom operation takes user-provided parameters (name, type, panels) and passes them to internal logic. If these parameters are interpolated into shell commands within scripts/create-custom.sh (implied by the dashboard creation logic) without rigorous sanitization, it could lead to command injection via shell metacharacters (e.g., ;, &&, |).
  • [DATA_EXFILTRATION] (LOW): The skill performs local network operations to localhost:3000 (Grafana API) and writes dashboard backups to the local filesystem (.observability/backups/). These are consistent with the skill's stated purpose but represent a local data access surface.
  • [PROMPT_INJECTION] (LOW): The skill's input parameters for dashboard creation could be used as a vector for indirect prompt injection if the resulting dashboard metadata is subsequently processed by an AI agent that interprets the dashboard names or panel descriptions as instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:38 AM