discord-notify
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill triggers its primary functionality by executing a Node.js script (
send.js) via a shell command as documented inSKILL.md. - [EXTERNAL_DOWNLOADS]: The skill's
package.jsonspecifies dependencies on well-known librariesnode-fetchandhttps-proxy-agentfor managing HTTP requests and proxy configurations. - [DATA_EXFILTRATION]: User-provided message content is transmitted to the official Discord API (
https://discord.com/api/v10/). This network operation is the intended purpose of the skill. - [PROMPT_INJECTION]: The skill demonstrates an attack surface for indirect prompt injection by placing untrusted user input into a shell command template in
SKILL.md. - Ingestion points: The
MESSAGEargument in the CLI execution command withinSKILL.md. - Boundary markers: Absent; input is enclosed in double quotes.
- Capability inventory: Execution of local scripts and network transmission to external APIs via
send.js. - Sanitization: None provided within the skill's scripts; relies on the agent platform to handle shell escaping.
- [SAFE]: The skill follows security best practices for secret management by requiring the
DISCORD_BOT_TOKENto be provided via environment variables rather than hardcoding credentials.
Audit Metadata