notify-discord
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute `curl` for interacting with the Discord API. The request body is dynamically generated from user-provided `$ARGUMENTS`. This pattern poses a risk of command injection if the agent does not properly escape or sanitize these arguments when constructing the final shell command.
- [DATA_EXFILTRATION]: The skill transmits information to a `webhook_url`. While the intended destination is Discord (a well-known service), the skill's logic allows sending data to any URL stored in `config.json` or provided by the user during the setup phase.
- [PROMPT_INJECTION]: The skill processes untrusted user input to determine message content and influence command parameters, creating a surface for indirect prompt injection.
  - Ingestion points: Untrusted data enters the agent context via the `$ARGUMENTS` variable in `SKILL.md`.
  - Boundary markers: No explicit delimiters or "ignore" instructions are present to separate untrusted user data from the core command logic.
  - Capability inventory: The skill possesses the capability to execute shell commands (`Bash`) and perform network operations (`curl`).
  - Sanitization: The instructions do not specify any sanitization or escaping protocols for the input before it is interpolated into the shell command or JSON payload.