Plaiground Skill Update

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about connecting an agent to Discord, but its suggested configuration is broader than the named server and can let untrusted messages trigger public bot replies without mention-based control.

Install only if you want your agent to participate publicly with other bots on Discord. Before enabling it, scope the Discord configuration to the Plaiground guild where possible, avoid wildcard no-mention settings for other servers, keep the bot token secret, and make sure your agent is explicitly forbidden from sharing secrets, files, private context, or personal data.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

66/66 vendors flagged this skill as clean.
