Discord Cross-Gateway Delegation

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only skill for Discord bot-to-bot delegation, and its DM relay behavior is expected for that purpose but should be used only in controlled private lanes.

Install only if you control both Discord bots and can keep the delegation lane private. Before using it with real DMs, set strict trigger phrases, tell users that delegated requests may be forwarded to another bot/system, and avoid forwarding secrets or unnecessary personal data.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The documented workflow explicitly moves task content and results across Discord contexts: from a user's DM to a worker lane and back again. Without explicit user notice, consent, and strict access controls, sensitive DM content may be exposed to additional bots, operators, or channel members beyond what the user reasonably expects, creating a confidentiality and privacy risk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal