recoup-content-make-graphics
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with 'api.recoupable.com' to generate content and retrieve artist research data. As these endpoints belong to the skill's vendor ('recoupable'), they are standard vendor resources used for the skill's primary functionality. The skill also mentions optional audio fetching from YouTube, which is performed only upon explicit user request.
- [COMMAND_EXECUTION]: The instructions utilize common shell tools such as 'curl', 'jq', and 'sed' to interact with APIs and parse local metadata files. These operations are confined to managing the artist workspace and service integration within the intended workflow.
- [PROMPT_INJECTION]: A quality enforcement hook is defined in the 'SKILL.md' frontmatter. This reviewer persona ensures the agent does not claim a visual asset is complete without first running a verification check through an analysis API. This serves as a quality control mechanism rather than a malicious bypass.
- [DATA_EXFILTRATION]: Local files containing artist branding, audience profiles, and song metadata are read to inform the generation process. This information is shared with the vendor's API to produce contextualized graphics, which is the core purpose of the skill and does not constitute unauthorized exfiltration.
Audit Metadata