recovery-social-features

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and displays arbitrary user-generated content from other app users (e.g., hooks/useMessages.ts loads and subscribes to messages and appends payload.new.content, and other hooks like useFriendships and group components render profiles and group data), and it also sends user content to an external moderation endpoint (references/moderation.md → fetch('https://your-moderation-worker.workers.dev')), exposing the agent to untrusted third-party content that could carry indirect prompt injections.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The useContentModeration hook calls the external runtime endpoint https://your-moderation-worker.workers.dev to obtain moderation results that directly determine app behavior (approved/flags/crisisDetected), so this URL is a required runtime dependency that can control prompts/actions.