recovery-social-features
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): The useContentModeration hook in references/moderation.md transmits user message content to an external URL (https://your-moderation-worker.workers.dev). While presented as a safety feature, sending sensitive recovery-related communications to a non-whitelisted third-party service contradicts the 'privacy-first' principles stated in the metadata.
- [COMMAND_EXECUTION] (LOW): The SKILL.md file requests access to the Bash tool. However, the provided implementation files only contain React components and hooks for Supabase, with no shell scripts or command execution logic present. This is an over-privileged permission request.
- [PROMPT_INJECTION] (LOW): The skill has a surface for indirect prompt injection.
  1. Ingestion points: User inputs in MessageInput.tsx and message data retrieved via useMessages.ts.
  2. Boundary markers: Absent in prompt construction logic.
  3. Capability inventory: Network fetch capability in moderation.md and Bash tool permission in SKILL.md.
  4. Sanitization: No explicit content sanitization or instruction-ignoring delimiters are implemented before processing user-generated text.
Audit Metadata