discord-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill directs users to configure a remote MCP server at
https://rube.app/mcp. This domain is not part of the trusted external sources list. Although it is a configuration endpoint rather than a script download, it represents a dependency on an untrusted third-party service. - PROMPT_INJECTION (LOW): High vulnerability to Indirect Prompt Injection due to the processing of untrusted external data.
- Ingestion points: The skill retrieves untrusted data from Discord messages and user profiles via
DISCORDBOT_LIST_MESSAGESandDISCORDBOT_GET_GUILD_MEMBER. - Boundary markers: Absent. There are no instructions or delimiters provided to prevent the agent from executing instructions potentially embedded in Discord messages.
- Capability inventory: The skill enables high-impact capabilities including sending messages (
DISCORDBOT_CREATE_MESSAGE), role management (DISCORDBOT_ADD_GUILD_MEMBER_ROLE), and webhook execution (DISCORDBOT_EXECUTE_WEBHOOK). - Sanitization: Absent. No instructions are provided for sanitizing or validating content retrieved from Discord before the agent acts upon it.
Audit Metadata