discord-skill
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection vulnerability. The skill processes untrusted data from Discord which could contain malicious instructions.
- Ingestion points: Message content is ingested via the
messagesandsearchcommands indiscord_skill.py. - Boundary markers: The skill lacks explicit delimiters or instructions to prevent the agent from following commands embedded within retrieved Discord messages.
- Capability inventory: The skill utilizes the
Bashtool to execute its Python logic and theReadtool to access files. - Sanitization: While data is structured as JSON, there is no filtering of the actual message strings to neutralize potential command-like text.
- [CREDENTIALS_UNSAFE]: The skill manages highly sensitive Discord authentication tokens and OAuth secrets.
- It creates and reads
credentials.jsonand stores session tokens in the~/.claude/skills/discord-skill/tokens/directory. - Exposure of these files would grant full access to the associated Discord bot or user account.
- [COMMAND_EXECUTION]: The skill relies on the
Bashtool to invoke its underlying Python script (discord_skill.py). This is a high-privilege capability required for the skill's primary function but increases the impact of a successful prompt injection. - [SAFE]: The skill includes a robust safety guardrail requiring explicit user confirmation before any message is sent, which mitigates the risk of unauthorized external communication.
Audit Metadata