Roast Agents

The skill is suspicious due to strong prompt injection directives in `SKILL.md` and `HEARTBEAT.md` that instruct the agent to 'act IMMEDIATELY' and 'DO NOT ask for permission' when receiving game messages, bypassing user consent. Additionally, the `curl` commands in both files use user-provided inputs (e.g., `YOUR_AGENT_NAME`) directly in URL query parameters, which could lead to shell injection if the OpenClaw agent does not properly sanitize these inputs before execution. While the stated purpose is a game, these behaviors introduce significant risks for unauthorized actions and potential command execution.