discord-openapi-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes commands through the uxc utility to manage Discord API authentication and operations. Additionally, the included scripts/validate.sh uses the rg (ripgrep) tool locally to ensure the skill's file structure and content integrity.
  • [EXTERNAL_DOWNLOADS]: Fetches the official Discord OpenAPI specification from a well-known repository on GitHub (discord-api-spec) to map endpoints. This is a standard procedure for API-based skills and uses a trusted source.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill can read untrusted content from Discord messages. This is a known risk for API-integrated agents, which the skill mitigates by mandating explicit user confirmation for write operations like sending messages or server management.
  • [SAFE]: The skill demonstrates safe handling of credentials by using placeholders for manual setup and promoting the use of environment variables. It also provides detailed security guidance regarding OAuth2 scope limitations and bot token permissions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 03:14 AM