discord-automation

Fail

Audited by Snyk on Mar 5, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt requires passing secret values like webhook_token as explicit parameters to tool calls (e.g., DISCORDBOT_EXECUTE_WEBHOOK), which means the LLM would need to include secret tokens verbatim in generated tool requests—an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md workflows explicitly call Discord read endpoints (e.g., DISCORDBOT_LIST_MESSAGES, DISCORDBOT_LIST_MESSAGE_REACTIONS_BY_EMOJI, channel/guild listing and webhook execution), which ingest user-generated, untrusted content from Discord (third-party public/private servers). That content can materially influence subsequent actions (sending/editing messages, executing webhooks, role changes).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires connecting to the MCP endpoint https://rube.app/mcp at runtime (via RUBE_SEARCH_TOOLS) to fetch current tool schemas that determine the agent's available tools/instructions, so remote content from that URL directly controls agent behavior and is a required dependency.

Audit Metadata

Risk Level: HIGH
Analyzed: Mar 5, 2026, 07:55 AM