dm-bot
Warn
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The `runOpencode` function in `index.js` uses `child_process.spawn` to execute the `opencode` CLI. On Windows systems, the code invokes `cmd.exe /c`, which is susceptible to command injection. Malicious Discord messages containing shell metacharacters (e.g., `&`, `|`, `^`) could be interpreted by the shell and lead to arbitrary code execution.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted user content from Discord messages in `index.js` and passes it directly to the AI-driven `opencode` tool without employing boundary markers or 'ignore' instructions. This allows attackers to potentially override the agent's behavior through crafted messages.
- [COMMAND_EXECUTION]: The `SKILL.md` file provides instructions for the agent to execute shell commands via `npx dm-bot`. This grants the agent direct capability to manipulate the local SQLite database and filesystem based on its interpretation of user requests, increasing the impact of any successful prompt injection attack.
Audit Metadata