discord
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill documentation includes two piped-to-bash installation commands:
curl -sSL https://canifi.com/skills/discord/install.sh | bashandcurl -sSL https://canifi.com/install.sh | bash. These commands execute unverified remote scripts from the untrusted domaincanifi.comdirectly in the user's shell. - CREDENTIALS_UNSAFE (HIGH): The skill guides users to store cleartext passwords, such as
DISCORD_PASSWORD, in local environment variables using thecanifi-envutility. This sensitive data is accessible to any scripts executed on the machine, including the unverified installation scripts. - PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection. Ingestion points: The skill reads Discord messages and server data via Playwright. Boundary markers: Absent; there are no instructions to ignore commands within retrieved data. Capability inventory: The agent can kick/ban users, manage server permissions, and change settings. Sanitization: None; it interacts with raw message content from untrusted server members.
- COMMAND_EXECUTION (MEDIUM): The skill uses Playwright for browser automation and references sending iMessage notifications for 2FA, indicating it operates with significant privileges to interact with system applications and the network.
Recommendations
- HIGH: Downloads and executes remote code from: https://canifi.com/install.sh, https://canifi.com/skills/discord/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata