discord-reader
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file executes a shell command at load time using the '!' prefix to check tool status.
- [EXTERNAL_DOWNLOADS]: Requires global installation of a third-party npm package '@jackwener/opencli' from an untrusted repository.
- [COMMAND_EXECUTION]: Instructs the agent to modify system configuration files (.bashrc, .zshrc) to persist environment variables and execute shell commands for setup and data retrieval.
- [DATA_EXFILTRATION]: Accesses private user data (Discord messages, server metadata, and member lists) through a local debugging port, exposing sensitive session content to the agent's context.
- [PROMPT_INJECTION]: The skill processes untrusted data from Discord messages, creating a surface for indirect prompt injection. Ingestion points: 'read' and 'search' commands in SKILL.md and references/commands.md. Boundary markers: Absent. Capability inventory: Shell access and package installation. Sanitization: Absent.
Audit Metadata