Skills
skills/heldinhow/openclaw-swarm/discord/Gen Agent Trust Hub

discord

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill demonstrates the use of the file:// URI scheme within the media parameter of the send action (e.g., file:///tmp/example.png). This capability could be exploited to exfiltrate sensitive local files from the host environment if the agent is manipulated into specifying unauthorized file paths.
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by ingesting untrusted content from external sources through read and search actions.
  • Ingestion points: Discord message content retrieved via action: "read" and action: "search" in SKILL.md.
  • Boundary markers: None identified; instructions do not provide delimiters or warnings for the agent to ignore instructions contained within retrieved messages.
  • Capability inventory: The skill allows reading from the network (Discord), writing to the network (Discord messages/reactions), and accessing the local file system (via media field).
  • Sanitization: No sanitization, validation, or filtering of the incoming message content is defined.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 23, 2026, 12:56 PM