agent-discord

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The package explicitly implements automated extraction of Discord user tokens from local LevelDB storage and stores plaintext credentials for full account access (read/send messages, upload files, enumerate servers/members), which is a deliberate credential-theft/self‑botting capability enabling account takeover and abuse even though no hidden remote exfiltration or obfuscated payloads are present.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests user-generated content from Discord (e.g., via "agent-discord message list", "agent-discord snapshot" and the monitor-channel.sh/template scripts) so the agent reads channel messages and recent_messages from Discord servers (third-party public/user content) which can influence actions like auto-responses and tool use.