discord-automation
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE PROMPT_INJECTION NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to interact with external Discord data, which serves as a primary ingestion point for untrusted content that could contain hidden instructions for the AI agent.
  - Ingestion points: The agent reads message content and metadata using tools like `DISCORDBOT_LIST_MESSAGES`, `DISCORDBOT_GET_GUILD_MEMBER`, and `DISCORDBOT_LIST_MESSAGE_REACTIONS_BY_EMOJI`.
  - Boundary markers: There are no instructions or delimiters provided in the skill to help the agent distinguish between legitimate user commands and malicious instructions embedded in message text.
  - Capability inventory: The skill provides the agent with high-impact capabilities including creating messages (`DISCORDBOT_CREATE_MESSAGE`), managing roles (`DISCORDBOT_ADD_GUILD_MEMBER_ROLE`), and executing webhooks (`DISCORDBOT_EXECUTE_WEBHOOK`).
  - Sanitization: The skill lacks any guidance on sanitizing or validating external message content before it is processed or used in downstream tool calls.
- [NO_CODE] (SAFE): The skill consists exclusively of YAML metadata and Markdown instructions. It does not contain any executable scripts (Python, Node.js, or Shell), which eliminates the risk of direct malicious code execution from the skill itself.
Audit Metadata