recoup-artist-workspace
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell utilities such as
ls,find,mkdir,cat,grep, andgitto perform legitimate workspace management tasks. These operations are limited to theartists/directory within the sandbox and are used for creating directories, generating manifest files from templates, and tracking change history. - [INDIRECT_PROMPT_INJECTION]: The skill processes data from external APIs (Spotify, research tools) and saves it into local context files which the agent subsequently reads. While this ingestion of external data creates a potential surface for indirect prompt injection, the skill's use of a structured checklist format in
RECOUP.mdand explicit instructions to not 'invent data' helps maintain operational integrity.
Audit Metadata