discord
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill correctly identifies Discord bot tokens and webhook URLs as sensitive secrets. It provides explicit instructions and code implementation to use environment variables (
DISCORD_BOT_TOKEN,DISCORD_WEBHOOK_URL) instead of hardcoding credentials. Additionally, thescripts/post_webhook.pyscript implementsredact_url_in_errors=Trueto prevent the secret webhook token from being leaked in diagnostic output. - [COMMAND_EXECUTION]: The skill includes bundled Python utility scripts (
scripts/post_webhook.py,scripts/send_message.py) designed to automate message delivery. These scripts use the standard Python library and therequestspackage to interact with API endpoints. - [EXTERNAL_DOWNLOADS]: The skill performs network operations targeting
discord.com, which is the official and well-known service domain for Discord API interactions. No unauthorized or suspicious third-party domains are contacted.
Audit Metadata