discord-bot
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides instructions for creating an AI-integrated Discord bot that processes user-provided inputs via mentions, DMs, and slash commands (e.g., '/ask', '/summarize', '/imagine'). This creates a surface for indirect prompt injection where external users could attempt to manipulate the bot's behavior or exfiltrate information through the agent's tools.
- Ingestion points: User messages, DMs, and slash command options processed in SKILL.md.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are included in the 'system_prompt' or command logic templates.
- Capability inventory: The skill utilizes tools for 'discord_send_message', 'discord_create_channel', and 'discord_manage_roles', which could be targeted if the bot is successfully manipulated.
- Sanitization: No input sanitization or validation routines are described for the data passed to the AI models.
Audit Metadata