The Agent Skills Directory

[DATA_EXFILTRATION]: Local File Access via URI. The skill documentation explicitly enables the use of file:/// paths for the mediaUrl parameter across multiple actions including sendMessage, emojiUpload, and stickerUpload. This allows an agent to read sensitive local files (such as SSH keys, environment variables, or configuration files) and transmit them to an external Discord server.
[PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill processes untrusted data from external Discord environments, which could contain malicious instructions.
Ingestion points: Untrusted data enters the agent context through readMessages, fetchMessage, and searchMessages actions in SKILL.md.
Boundary markers: The instructions lack explicit delimiters or warnings to ignore embedded instructions within processed messages.
Capability inventory: The agent possesses high-impact capabilities including sendMessage (with file upload), roleAdd, channelCreate, and timeout (moderation).
Sanitization: There is no evidence of sanitization or validation of the message content before it is processed by the agent.
[NO_CODE]: This skill consists entirely of instructional markdown and configuration without executable scripts, meaning the described behaviors rely solely on the underlying agent's implementation of the specified actions.

discord