rollbar-reader
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill dynamically constructs shell commands using variables derived from user-provided arguments such as `SINCE`, `UNTIL`, and `OUT_DIR`. Specifically, the commands `date -d "<SINCE>" +%s` and `mkdir -p <OUT_DIR>/occurrences` are vulnerable to command injection if these variables contain shell metacharacters (e.g., backticks, semicolons).
- [EXTERNAL_DOWNLOADS]: The skill is designed to automatically install the `@delexw/rollbar-cli` package from the npm registry if it is not detected on the system. While this is the primary tool for the skill, it involves downloading and executing code from a remote repository at runtime.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. It retrieves and analyzes data from the Rollbar API, including error messages, stack traces, and occurrence details. If an attacker can control the content of an error logged to Rollbar, they could potentially embed instructions that influence the agent's subsequent actions during the analysis phase.
  - Ingestion points: Data is ingested via `rollbar items list` and `rollbar occurrences get` commands (documented in SKILL.md).
  - Boundary markers: None are present to distinguish between trusted instructions and untrusted data from the API.
  - Capability inventory: The agent has access to `Bash` (shell), `Read`, `Write`, and `Edit` tools.
  - Sanitization: There is no mention of sanitizing or escaping the data retrieved from Rollbar before processing it.
- [DATA_EXFILTRATION]: The skill manages sensitive Rollbar project and account tokens. Although the instructions explicitly warn against exposing token values, the agent is directed to use shell commands like `rollbar config set-token <project> <token>` to configure the environment, which could lead to tokens being stored in shell history or visible in process lists.
Audit Metadata