agent-discord
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: Automatically extracts Discord user tokens from local LevelDB storage files as described in SKILL.md and references/authentication.md. This involves reading plaintext tokens from session data directories.
- [DATA_EXFILTRATION]: Accesses sensitive application data directories across macOS, Linux, and Windows to retrieve session information. The documentation also requests that users grant Full Disk Access to the terminal on macOS to facilitate reading this data.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection from ingested Discord message content. Ingestion points: agent-discord snapshot and message list tools. Capability inventory: tool access for sending messages, managing reactions, and uploading files. Boundary markers and explicit sanitization instructions for external content are absent.
- [COMMAND_EXECUTION]: Executes the custom agent-discord CLI tool via the Bash tool to perform server operations.
- [EXTERNAL_DOWNLOADS]: Downloads and installs the 'agent-messenger' package from npm as part of the installation metadata.
Audit Metadata