discord-list
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires a `DISCORD_USER_TOKEN` stored in a `.env` file. Discord User Tokens grant full access to a user's account and are highly sensitive; storing them in plain text files in the working directory is a security risk.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Untrusted data is fetched from the Discord API, specifically server names, channel names, and DM usernames via `discord_list.py`.
  - Boundary markers: There are no delimiters or 'ignore embedded instructions' warnings specified in the output formatting.
  - Capability inventory: The skill's output is intended to guide the agent's next steps, such as suggesting the use of a `discord-sync` skill, creating a direct path for malicious server/channel names to influence agent logic.
  - Sanitization: No sanitization or escaping of the external strings is mentioned, allowing potential instructions embedded in Discord metadata to reach the agent's prompt.
- [DATA_EXFILTRATION] (MEDIUM): The skill accesses and exposes a user's entire Discord server and DM structure to the agent's context. While this is the stated purpose, it facilitates the exposure of private communication metadata.
- [COMMAND_EXECUTION] (LOW): The skill executes a local Python script `${CLAUDE_PLUGIN_ROOT}/tools/discord_list.py`. This is standard functionality but provides the mechanism for processing the aforementioned untrusted data.
Recommendations
- AI detected serious security threats
Audit Metadata