Skills
skills/ninehills/skills/discord/Gen Agent Trust Hub

discord

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via its ingestion of external Discord content.
  • Ingestion points: The bot reads Discord message content from mentions, replies, and DMs, and it downloads user-provided file attachments (SKILL.md).
  • Boundary markers: No explicit markers or instructions are defined to separate the untrusted Discord content from the agent's system instructions.
  • Capability inventory: The agent has access to the Bash tool and can perform file system reads to send local files to Discord channels (SKILL.md).
  • Sanitization: No sanitization or validation of the content received from Discord is documented before it enters the agent's context.
  • [COMMAND_EXECUTION]: The skill is explicitly allowed to use the Bash tool, which is utilized in the provided examples to interact with the local Alma management API via curl for configuration and messaging (SKILL.md).
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 09:32 AM