recoup-content-make-video
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard command-line tools like
curl,jq, andsedto interact with APIs and process local artist configuration files. It also mentionsyt-dlpfor media retrieval, which is gated by a requirement to obtain user permission before execution.\n- [DATA_EXFILTRATION]: The skill reads artist-specific context and identifiers from the local workspace (e.g.,artists/*/RECOUP.md,context/artist.md) and transmits them to the vendor's API endpoints atapi.recoupable.dev. This behavior is documented as the core functionality for generating branded content assets.\n- [EXTERNAL_DOWNLOADS]: Communicates with theapi.recoupable.devdomain for various services including video generation, audio transcription, and visual analysis. It also describes procedures for fetching media from vendor-controlled sandbox repositories and external platforms upon user request.\n- [PROMPT_INJECTION]: A validation hook inSKILL.mdenforces a quality-control protocol, requiring the agent to verify visual assets via a specialized analysis API (analyze-gate) before completion. This ensures the agent does not provide inaccurate status for visual outputs it cannot directly perceive.\n- [PROMPT_INJECTION]: The skill processes external data (e.g., social posts and web research) retrieved via the vendor API. While this enriches content, it introduces a surface for indirect instructions. Evidence: Ingestion points include the research API (references/research-context.md); boundary markers are implemented via instructional rubrics; capability inventory includescurlfor network and filesystem write operations; sanitization is performed usingjqto safely construct API payloads.
Audit Metadata