discord-harvest
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it processes untrusted data from Discord messages and attachments. However, it mitigates this risk through a comprehensive 'Security Notice' and a
flag_suspiciousheuristic function that warns the agent about instruction overrides or role hijacking patterns in the data. - Ingestion points: Discord message text, filenames, and embed titles extracted via the Bot API or browser DOM (SKILL.md, Path A/B).
- Boundary markers: The skill provides explicit instructions to treat all fetched content as untrusted data and to ignore any actionable commands or instructions found within it (SKILL.md).
- Capability inventory: The agent uses
curlfor downloading files andbrowser_toolfor JavaScript execution in the browser context (references/code-examples.md). - Sanitization: Implements
sanitize_filenameto remove path traversal characters andflag_suspiciousto detect common injection patterns (references/code-examples.md). - [COMMAND_EXECUTION]: The skill utilizes
curlfor downloading archived assets and browser automation tools for DOM extraction. These operations are performed with strict safety checks. - The
validate_urlfunction ensures that only HTTPS connections to specific Discord CDN domains are allowed, preventing SSRF and connections to untrusted hosts. - The
sanitize_filenamefunction ensures that filenames derived from Discord are stripped of path traversal components (e.g.,../) and shell-unsafe characters before being used in file system operations. - [DATA_EXFILTRATION]: The skill's primary function is to extract data from Discord. This is the intended behavior and is managed safely by saving the data to a user-defined local directory and redacting authentication tokens from log files (references/code-examples.md).
- [EXTERNAL_DOWNLOADS]: Fetches images and files from Discord's official CDNs. These are well-known services and the skill uses a strict allowlist to ensure only content from these domains is downloaded.
Audit Metadata