recoup-competitive-analysis
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
curlto interact with the Recoup Research API atapi.recoupable.com. These commands are the primary mechanism for fetching artist profiles, metrics, and catalog data. - [COMMAND_EXECUTION]: Utilizes
jqfor parsing JSON responses from API calls, which is a standard and expected practice for processing structured data. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface through its ingestion of external data. Ingestion points: The skill fetches data from external web sources via endpoints such as
/research/web,/research/deep, and/research/extractas documented inreferences/endpoints.md. Boundary markers: There are no specific delimiters or instructions to ignore embedded commands within the fetched web content. Capability inventory: The skill performs network operations viacurland file system writes to workspace directories likeresearch/andcontext/(referenced inreferences/workflows.md). Sanitization: The instructions do not specify any validation or sanitization of the content retrieved from external URLs before processing.
Audit Metadata