recur-portal
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- Prompt Injection (SAFE): No instructions attempting to override agent behavior, bypass safety filters, or extract system prompts were found.
- Data Exposure & Exfiltration (SAFE): The skill references sensitive environment variables like 'RECUR_SECRET_KEY' in code snippets but does not contain hardcoded credentials or patterns that exfiltrate data to untrusted domains.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The code examples reference the 'recur-tw' Node.js package, which matches the service's domain (recur.tw). No remote execution patterns (e.g., curl to bash) were detected.
- Indirect Prompt Injection (SAFE): The skill is primarily instructional and does not create an ingestion surface for untrusted data to influence the agent's logic or reasoning.
Audit Metadata