skills/malue-ai/dazee-small/discord/Gen Agent Trust Hub

discord

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill documentation and action examples for sendMessage, emojiUpload, and stickerUpload explicitly promote the use of the file:/// protocol in the mediaUrl parameter. This provides a mechanism for the agent to read arbitrary files from the host filesystem and upload them to Discord. An attacker could potentially exploit this to exfiltrate sensitive configuration files, SSH keys, or credentials if the agent is instructed to do so.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection via the readMessages, fetchMessage, and searchMessages actions. These actions ingest untrusted content from external Discord users directly into the agent's context.
      • Ingestion points: Untrusted data enters the agent context through Discord message history and search results retrieved by the discord tool.
      • Boundary markers: There are no boundary markers or instructions to treat ingested Discord content as data rather than instructions.
      • Capability inventory: The agent has the capability to send messages, upload files (including local files), and perform administrative actions (moderation, channel management) within Discord.
      • Sanitization: No sanitization or validation of the ingested message content is described in the skill.
  • [COMMAND_EXECUTION]: The skill includes high-privilege administrative actions such as timeout, kick, ban, and channel/role management. While some of these are gated by default configuration, they represent a significant capability that could be misused if the agent's instructions are hijacked via prompt injection.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 04:19 PM