agent-discord
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill is designed to perform automated extraction of sensitive Discord authentication tokens from the host system. It scans LevelDB storage directories used by the Discord desktop app and searches through multiple Chromium-based browser profiles (including Chrome, Edge, Arc, Brave, and Vivaldi) to locate and decrypt session tokens.
- [CREDENTIALS_UNSAFE]: Extracted tokens are saved in plaintext to a local configuration file at
~/.config/agent-messenger/discord-credentials.json. While the skill specifies file permissions of 0600 (owner read/write only), the persistence of these long-lived credentials in plaintext on the filesystem is a significant security risk. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context via
agent-discord message list,agent-discord channel history, andagent-discord snapshot(found inSKILL.md). - Boundary markers: There are no specified delimiters or instructions to treat external message content as untrusted data.
- Capability inventory: The agent has access to the
Bashtool, allowing it to execute any shell command, including file uploads and message sends via the Discord CLI. - Sanitization: The instructions do not specify any validation or sanitization of message content before it is processed by the agent, allowing a malicious Discord user to influence the agent's behavior.
- [COMMAND_EXECUTION]: The skill relies on the
Bashtool to interact with the system, manage theagent-discordCLI lifecycle, and handle local configuration files for memory and authentication.
Audit Metadata