ai-chat-persistence
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill provides a command to fetch a 'recipe' from
https://fullstackrecipes.com/api/recipes/ai-chat-persistence. This domain is not included in the Trusted External Sources list. Remote content from unknown sources is inherently unverifiable and poses a security risk. - [COMMAND_EXECUTION] (LOW): The skill instructions suggest executing a network-reaching curl command in a shell environment to retrieve setup data.
- [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection Surface): The skill's primary purpose is to persist chat conversations, which is a significant surface for processing untrusted data. 1. Ingestion points: Chat conversations (including tools, reasoning, and streaming parts) mentioned in the description. 2. Boundary markers: Absent from the skill definition. 3. Capability inventory: Database write operations to Neon Postgres. 4. Sanitization: Absent or not documented in the provided file.
Audit Metadata