discord
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The SKILL.md documentation illustrates the use of the file:/// URI scheme within the media field of the send action. This allows the agent to read local system files and transmit them to external Discord servers, which could be exploited to exfiltrate sensitive information if the agent is directed to access unauthorized paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  1. Ingestion points: The read and search actions in SKILL.md ingest data from external Discord channels.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are present in the skill definition.
  3. Capability inventory: The agent has access to several impactful actions including send, edit, delete, and thread-create.
  4. Sanitization: No processes for escaping or validating external input are described.

  Malicious users could influence the agent's behavior by placing hidden instructions in Discord messages.