recovery-social-features
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The
useContentModerationhook inreferences/moderation.mdsends user-provided content via a POST request to an external service (https://your-moderation-worker.workers.dev). This transmits potentially sensitive user-generated data to a non-whitelisted domain for processing. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it handles untrusted user input that could be used to manipulate the agent's behavior.
- Ingestion points: The agent processes message content in
references/messaging.md, display names inreferences/friendships.md, and group names inreferences/groups.md. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are implemented to separate user data from agent instructions.
- Capability inventory: The skill defines access to several powerful tools, including
Bash,Write,Edit,Grep, andGlob. - Sanitization: The implementation does not show any input validation, sanitization, or filtering of user-provided content before it is processed by the agent.
Audit Metadata