discord
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits user-provided content to official Discord API endpoints (discord.com). This behavior is the primary intended function of the skill and does not involve the exfiltration of sensitive local data or unauthorized communication with untrusted domains.
- [CREDENTIALS_UNSAFE]: The skill correctly identifies Discord bot tokens and webhook URLs as sensitive secrets. It explicitly warns against hardcoding these values and includes a
redact_url_in_errorsmechanism in the_http.pymodule to prevent the leakage of embedded webhook tokens in logs or exception messages. - [COMMAND_EXECUTION]: The skill includes Python scripts (
post_webhook.py,send_message.py) intended to be executed by the agent to perform Discord messaging tasks. These scripts are limited to sending HTTP requests to the Discord API and do not facilitate arbitrary command execution. - [EXTERNAL_DOWNLOADS]: The implementation relies on the well-known
requestsPython library for handling HTTP communications. It does not perform any unverified remote script execution (e.g., curl|bash) or download binary components from untrusted sources.
Audit Metadata