Skills
skills/958877748/skills/dm-bot/Snyk

dm-bot

Warn

Audited by Snyk on Mar 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill directly ingests arbitrary user-generated messages from Discord DMs (see index.js: client.on('messageCreate') -> db.addMessage and processMessage) and passes message.content into runOpencode (spawning the opencode CLI) so untrusted third-party input can influence AI decisions and subsequent tool/CLI-driven actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 23, 2026, 06:22 AM
Issues
1