parallels-discord-roundtrip
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The execution instructions include a shell command that uses
sshto retrieve a Discord token from a configuration file located at~/.openclaw/openclaw.jsonon a specific remote host (peters-mac-studio-1). Accessing secret tokens from configuration files in hidden directories is a sensitive operation. - [COMMAND_EXECUTION]: The skill uses
pnpmandprlctlto execute test suites and manage virtual machine snapshots. This involves direct shell command execution on the host and within the guest environment. - [PROMPT_INJECTION]: The skill implements an end-to-end roundtrip that involves reading messages from a Discord channel using the
openclaw message readcommand. This introduces an indirect prompt injection risk where untrusted content from the chat history could influence agent behavior. - Ingestion points: The
openclaw message readcommand (SKILL.md). - Boundary markers: No specific delimiters or safety instructions are provided to isolate the ingested Discord messages from the agent's instructions.
- Capability inventory: The skill utilizes shell execution via
pnpm,prlctl exec, andssh(SKILL.md). - Sanitization: There is no evidence of sanitization or validation of the content read from the Discord channel.
Audit Metadata