discord
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill uses the standard requests library to communicate with the official Discord API at discord.com. This is necessary for the skill's primary function and targets a well-known service.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive secrets (Bot Tokens and Webhook URLs) securely. It avoids hardcoding by utilizing environment variables (DISCORD_WEBHOOK_URL, DISCORD_BOT_TOKEN) and includes specific logic in scripts/_http.py and scripts/post_webhook.py to redact tokens from URLs in error messages to prevent leakage in log files.
- [INDIRECT_PROMPT_INJECTION]: The skill processes external content to be posted to Discord. To prevent exploitation through mass pings or role mentions, the scripts default to a strict allowed_mentions policy ({"parse": []}), which effectively mitigates common injection risks associated with Discord automation.
Audit Metadata