discord-openapi-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs embedding bot tokens directly into CLI commands and Authorization headers (e.g., --secret "YOUR_BOT_TOKEN_HERE" and Authorization=Bot {{secret}}), which requires the agent to include secret values verbatim in generated commands/outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires network access to the public Discord API (https://discord.com/api/v10) and the Discord OpenAPI spec (https://raw.githubusercontent.com/discord/discord-api-spec/...), and its SKILL.md shows subscribing to Gateway events and capturing MESSAGE_CREATE events (user-generated Discord messages) which the agent is expected to read and could materially influence subsequent REST/gateway actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly requires fetching the Discord OpenAPI spec at runtime via https://raw.githubusercontent.com/discord/discord-api-spec/main/specs/openapi.json (passed to uxc --schema-url), and that fetched JSON directly drives the CLI/schema mapping the agent uses to discover and construct API operations, so it is a runtime dependency that can control agent instructions.