mom-factura-webhooks
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [Data Exposure & Exfiltration] (LOW): The skill contains code examples that perform network requests to non-whitelisted domains such as api.momenu.online and momenu.toquemedia.net. While this is expected for an API integration, it technically constitutes an external data flow.
- [Indirect Prompt Injection] (LOW): The webhook examples ingest untrusted data from an external provider, creating a potential surface for indirect prompt injection if the output is used in downstream LLM processing.
  - Ingestion points: SKILL.md (Express and Flask server examples).
  - Boundary markers: Absent.
  - Capability inventory: Code examples primarily involve logging and basic conditional logic; no command execution or sensitive file access is present.
  - Sanitization: No sanitization or input validation is included in the provided templates.
Audit Metadata