recoup-competitive-analysis

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes curl to interact with the Recoup Research API at api.recoupable.com. These commands are the primary mechanism for fetching artist profiles, metrics, and catalog data.
  • [COMMAND_EXECUTION]: Utilizes jq for parsing JSON responses from API calls, which is a standard and expected practice for processing structured data.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its ingestion of external data. Ingestion points: The skill fetches data from external web sources via endpoints such as /research/web, /research/deep, and /research/extract as documented in references/endpoints.md. Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the fetched web content. Capability inventory: The skill performs network operations via curl and file system writes to workspace directories like research/ and context/ (referenced in references/workflows.md). Sanitization: The instructions do not specify any validation or sanitization of the content retrieved from external URLs before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 12:14 PM