discord-send
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill executes Python scripts (`discord_send.py`, `persona_status.py`) using shell commands. It specifically calls a script located in a sibling directory (`../community-agent/tools/persona_status.py`), which bypasses standard skill containment and introduces risks if the external directory structure is untrusted.
- [CREDENTIALS_UNSAFE] (HIGH): The skill requires a Discord User Token stored in a local `.env` file. The use of user tokens for automation is a violation of Discord's Terms of Service ('self-botting') and presents a high risk of account compromise or termination.
- [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). It ingests 'persona' definitions and Discord message content to influence the agent's behavior and output.
  * Ingestion points: Output of `persona_status.py` and message content when replying.
  * Capability inventory: Shell command execution via Python.
  * Boundary markers: None present; external content is interpolated directly into instructions.
  * Sanitization: No evidence of sanitization or escaping for the external data ingested into the prompt context.
Recommendations
- AI detected serious security threats