discord

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an example that places the Discord bot token directly in a curl JSON payload (botToken: "YOUR_BOT_TOKEN"), which would require the agent to accept and embed secret values verbatim in generated commands/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly reads Discord message content and downloads user file attachments ("The bot requires MESSAGE_CONTENT intent", "File attachments (images, documents) sent by users are downloaded and passed to Alma", and "Group chat history is tracked per channel") as stated in SKILL.md, exposing the agent to untrusted, user-generated third-party content that can influence its actions.