Back to skill

Security audit

Rootly Morning Brief

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Rootly briefing skill, but its Slack digests can expose sensitive incident and on-call details if sent to the wrong channel.

Install only if you are comfortable granting the skill Rootly API access. Use a least-privilege Rootly key, keep private incidents disabled unless the audience is approved, and send Slack announcements only to a restricted operations channel after verifying the destination and cron schedule.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README repeatedly instructs users to deliver the full Rootly digest to Slack via `--announce`, including active incidents, on-call identities, and overdue action items, but it does not warn that this content may contain sensitive operational or personnel information. In practice, users may route the briefing to broad or misconfigured channels, causing unauthorized disclosure of incident details and internal responder data.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The invocation description is broad enough that generic requests about a 'morning ops update' could trigger this skill unintentionally. In this context, unintended activation matters because the skill can access incident data and potentially post scheduled summaries to Slack, creating a risk of unauthorized disclosure or noisy automation if invoked for the wrong request.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.