recovery-social-features

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted user-generated content via the useMessages/useFriendships hooks and Supabase real-time subscriptions (messages, friend requests, group content) and also calls an external moderation endpoint (https://your-moderation-worker.workers.dev) as part of its core workflow, so third-party content can be read and can materially influence prompts/behavior (crisis prompts, moderation/flagging, blocking).