The Agent Skills Directory

[PROMPT_INJECTION]: The skill is subject to indirect prompt injection as it processes untrusted data from Discord messages and attachments. However, it mitigates this risk through a comprehensive 'Security Notice' and a flag_suspicious heuristic function that warns the agent about instruction overrides or role hijacking patterns in the data.
Ingestion points: Discord message text, filenames, and embed titles extracted via the Bot API or browser DOM (SKILL.md, Path A/B).
Boundary markers: The skill provides explicit instructions to treat all fetched content as untrusted data and to ignore any actionable commands or instructions found within it (SKILL.md).
Capability inventory: The agent uses curl for downloading files and browser_tool for JavaScript execution in the browser context (references/code-examples.md).
Sanitization: Implements sanitize_filename to remove path traversal characters and flag_suspicious to detect common injection patterns (references/code-examples.md).
[COMMAND_EXECUTION]: The skill utilizes curl for downloading archived assets and browser automation tools for DOM extraction. These operations are performed with strict safety checks.
The validate_url function ensures that only HTTPS connections to specific Discord CDN domains are allowed, preventing SSRF and connections to untrusted hosts.
The sanitize_filename function ensures that filenames derived from Discord are stripped of path traversal components (e.g., ../) and shell-unsafe characters before being used in file system operations.
[DATA_EXFILTRATION]: The skill's primary function is to extract data from Discord. This is the intended behavior and is managed safely by saving the data to a user-defined local directory and redacting authentication tokens from log files (references/code-examples.md).
[EXTERNAL_DOWNLOADS]: Fetches images and files from Discord's official CDNs. These are well-known services and the skill uses a strict allowlist to ensure only content from these domains is downloaded.

discord-harvest