discord-automation

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt requires passing secrets like webhook_token (and potentially tokens returned by connection tools) as explicit parameters to toolkit calls (e.g., DISCORDBOT_EXECUTE_WEBHOOK), which forces the agent/LLM to handle and emit secret values verbatim in its generated tool calls or outputs.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to call Discord API endpoints that retrieve user-generated content (e.g., DISCORDBOT_LIST_MESSAGES, DISCORDBOT_LIST_MESSAGE_REACTIONS_BY_EMOJI, DISCORDBOT_GET_GUILD_MEMBER) from Discord, and those retrieved messages/reactions/members are used to decide and perform actions (e.g., deleting reactions, updating members), exposing the agent to untrusted third-party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill requires connecting at runtime to Rube MCP (https://rube.app/mcp) and explicitly instructs calling RUBE_SEARCH_TOOLS to fetch current tool schemas from that endpoint, which directly control the agent's available tools/instructions and thus can alter prompts/behavior.