discord-integration

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt exposes and references bot tokens (including example token strings and commands like curl -H "Authorization: Bot TOKEN" and cat ~/.claude/.../.env), and instructs reading/embedding those tokens for REST calls and verification, which requires the agent to handle/output secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and examples (e.g., SKILL.md Step 2 and examples.md) explicitly call mcp__discord__read-messages and instruct the agent to read and act on Discord channel messages — untrusted, user-generated third-party content that could contain instructions influencing tool use and next actions.