discord
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill defines actions such as sendMessage, emojiUpload, and stickerUpload that explicitly support the file:/// protocol via a mediaUrl parameter. This lets the agent read arbitrary files from the local filesystem and upload or send them to Discord. That is a significant data exfiltration risk: anyone who can steer the agent, directly or through content it reads, could have it exfiltrate sensitive files such as private keys (e.g. ~/.ssh/id_rsa), configuration files containing secrets (.env), or cloud provider credentials.
- [EXTERNAL_DOWNLOADS]: The mediaUrl parameter in multiple actions also allows the agent to fetch content from arbitrary https:// URLs. This enables interaction with untrusted external servers and the retrieval of potentially malicious content.
- [PROMPT_INJECTION]: The skill presents a high risk for indirect prompt injection.
  - Ingestion points: The agent ingests untrusted data from external sources through the readMessages, fetchMessage, and searchMessages actions.
  - Boundary markers: The instructions provide no delimiters or safety guidelines to help the agent distinguish its own instructions from the content of the Discord messages it reads.
  - Capability inventory: The skill provides a large suite of administrative tools, including channelDelete, roleAdd, and timeout, alongside the dangerous file:/// access. Injected text in a message can therefore reach both destructive server actions and local file reads.
  - Sanitization: There is no mention of sanitization or validation of retrieved message content before it is processed.
Recommendations
- AI detected serious security threats
Audit Metadata