discord
Warn
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
kabi-discord-clipackage usinguv tool installorpipx install. This is an external dependency from a third-party source (github.com/jackwener/discord-cli) that is not included in the trusted vendor list. - [COMMAND_EXECUTION]: The skill's primary functionality relies on executing shell commands via the
discordCLI tool to perform operations such as syncing history, searching messages, and exporting data. - [CREDENTIALS_UNSAFE]: The skill handles highly sensitive Discord authentication tokens. It promotes the use of
discord auth --saveto automatically extract tokens from the local Discord desktop application or browser sessions. While the documentation warns against echoing these tokens, the automated extraction and management of such credentials by an agent pose a security risk. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) by ingesting untrusted content from external Discord messages.
- Ingestion points: External message content is retrieved via commands like
discord dc history,discord dc search, anddiscord today(SKILL.md, references/commands.md). - Boundary markers: Absent. The instructions do not mandate the use of delimiters or specific warnings to prevent the agent from obeying instructions embedded within the Discord messages it reads.
- Capability inventory: The agent possesses the capability to execute arbitrary
discordCLI commands, which could be exploited if malicious instructions are processed (SKILL.md). - Sanitization: Absent. There are no instructions or mechanisms provided to sanitize or filter the content retrieved from Discord before it is presented to the agent's context.
Audit Metadata