discord

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.80). It's a third‑party GitHub repository (not a vetted vendor download) that requires extracting and storing your Discord token and running code from an individual maintainer — a sensitive capability that can be abused to exfiltrate credentials or run arbitrary code, so treat it as suspicious.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly syncs and searches user-generated Discord messages using discord-cli (see SKILL.md Steps 2–4 and references/commands.md), so the agent ingests untrusted third-party content (Discord channels/messages) and uses it to drive analysis and actions, enabling indirect prompt injection risk.