add-discord

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask the user for their Discord bot token and to insert that token verbatim into files/commands (e.g., DISCORD_BOT_TOKEN= and .env handling), which requires the LLM to handle/output the secret directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill adds a Discord bot channel that ingests and acts on user-generated Discord messages (see Phase 3 "Create Discord Bot" which requires enabling Message Content Intent and Phase 5/"After Setup" which says the bot reads messages, attachments, and reply context), so untrusted third-party content will be read and can influence the agent's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly runs git fetch/merge on the remote https://github.com/qwibitai/nanoclaw-discord.git during runtime to pull in source files (e.g., src/channels/discord.ts) that will be built and executed, thus injecting remote code that directly changes agent behavior.