discord-agent
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple local JavaScript scripts (e.g.,
scripts/post-discord-welcome-embed.mjs,move-discord-channels-phase2.mjs,scripts/fetch-discord-server-map.mjs) using thedotenvCLI tool to perform administrative Discord tasks. - [CREDENTIALS_UNSAFE]: The skill explicitly manages sensitive credentials, specifically
DISCORD_BOT_TOKEN_MNKY_VERSEand other bot tokens. It references loading these from.env.localand suggests referring todocs/DISCORD-BOTS-ENV.md, which likely contains secret configuration details. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its interaction with untrusted external data.
- Ingestion points: Data enters the context via the Discord API (Context7), web searches (Brave Search/Tavily), and external integrations (Supabase, Notion).
- Boundary markers: The instructions do not define delimiters or specific "ignore" rules for data ingested from these external sources.
- Capability inventory: The agent possesses command execution capabilities (running local scripts), network operation capabilities (Discord API interaction), and file system access (reading/writing project documentation).
- Sanitization: There is no evidence of sanitization or validation of the content retrieved from external APIs or search results before it is processed or used to influence further actions.
Audit Metadata