Discord Thread Naming Backstop Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrowly scoped Discord thread-renaming workflow with disclosed mutation behavior and no executable install-time code.

Install only if you intend this agent to rename recent malformed Discord threads in the specified dispatch channel. Use a least-privilege Discord token, keep access limited to the target guild/channel, and prefer an explicit user request or dry run before enabling unattended use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The evals describe broad, natural-language intent such as '低扰动修正新线程标题' and 'dispatch 的线程标题收一收' without requiring a strict invocation phrase or strong negative boundaries. This can cause the skill to trigger on loosely related user requests and perform Discord thread enumeration and renaming in situations the user did not clearly authorize, increasing the chance of unintended side effects in production channels.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal