discord-py

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt contains code examples that embed the bot token directly as a string literal (e.g., client.run('YOUR_BOT_TOKEN') / client.run('TOKEN')), which encourages including secret values verbatim in generated code or outputs and therefore poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's examples and handlers explicitly read and process arbitrary Discord user-generated content (e.g., on_message, reading message.content and attachments, forum thread operations like read_post which fetches starter messages, and iterating forum.archived_threads), exposing the agent to untrusted third-party content from Discord.
Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:22 AM