skills/qwibitai/nanoclaw/add-discord/Gen Agent Trust Hub

add-discord

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill adds a git remote for https://github.com/qwibitai/nanoclaw-discord.git and merges remote code into the project. This is a vendor-owned resource used for adding the necessary Discord channel implementation.
  • [COMMAND_EXECUTION]: Shell commands are used for installation (npm install), project building (npm run build), automated testing (npx vitest), and service management (launchctl). Registration of the channel is performed via a local TypeScript execution tool (npx tsx).
  • [PROMPT_INJECTION]: The Discord bot integration creates an indirect prompt injection surface by allowing the agent to ingest and respond to untrusted messages from the Discord network.
      • Ingestion points: Discord text messages and @mentions processed via src/channels/discord.ts.
      • Boundary markers: Interactions are constrained by bot triggers (@mentions) or designated 'main' channel settings.
      • Capability inventory: The agent possesses capabilities to execute shell commands, modify project files, and manage local services.
      • Sanitization: No explicit sanitization or instruction-filtering logic for Discord message content is documented within the skill setup.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 02:35 PM