Trust Assessment
discord received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. The key finding is potential for local file exfiltration via the `message` tool.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (1)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential for local file exfiltration via `message` tool.** The skill documentation for the `discord` skill, which uses the `message` tool, includes an example demonstrating how to send media using a `file://` URI (e.g., `media: "file:///tmp/example.png"`). This indicates that the underlying `message` tool, when used for Discord, has the capability to read local files from the filesystem and send them to a Discord channel. If an agent using this skill is compromised (e.g., via prompt injection), it could be instructed to exfiltrate sensitive local files from the host system. Restrict the `message` tool's ability to access local files, or at least limit it to specific, safe directories (e.g., a temporary upload directory managed by the tool, not arbitrary filesystem paths). Alternatively, implement strict allow-listing for file paths or types that can be sent. | Static | SKILL.md:46 |