recoup-artist-workspace

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard shell utilities such as ls, find, mkdir, cat, grep, and git to perform legitimate workspace management tasks. These operations are limited to the artists/ directory within the sandbox and are used for creating directories, generating manifest files from templates, and tracking change history.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes data from external APIs (Spotify, research tools) and saves it into local context files which the agent subsequently reads. While this ingestion of external data creates a potential surface for indirect prompt injection, the skill's use of a structured checklist format in RECOUP.md and explicit instructions to not 'invent data' helps maintain operational integrity.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 10:35 AM