discord
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill explicitly demonstrates the ability to upload local system files to an external Discord webhook using the curl '-F' flag and the '@' prefix (e.g., 'files[0]=@/etc/os-release'). This mechanism can be easily abused to exfiltrate sensitive data such as SSH keys, configuration files, or environment variables.
- [COMMAND_EXECUTION] (MEDIUM): The provided script uses '"$@"' to pass all user-provided arguments directly to the curl command. This is a form of argument injection that allows the agent to override the intended behavior of the script, such as redirection of output, adding arbitrary HTTP headers, or even changing the target URL from the intended webhook.
Recommendations
- AI detected serious security threats
Audit Metadata