recoup-deal-ingest

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several local Python scripts to perform data processing tasks. Analysis of scripts like normalize-royalty-statement.py, extract-pdf-statement.py, and dataroom-hygiene-scan.py shows they perform deterministic transformations, regex-based scanning, and structured data validation. There are no instances of unsafe command construction, shell injection, or arbitrary code execution.
  • [EXTERNAL_DOWNLOADS]: The skill requires standard third-party Python libraries (pdfplumber, openpyxl, and optionally PyYAML) to handle PDF and Excel file formats. These are well-known, legitimate dependencies from the official Python Package Index (PyPI) and are appropriate for the skill's technical requirements.
  • [DATA_EXFILTRATION]: While the skill processes highly sensitive financial and legal data, all operations are confined to the local deals/{deal-id} workspace. There are no network operations, hardcoded credentials, or external data transfer mechanisms identified in any of the scripts or instructions.
  • [PROMPT_INJECTION]: The instructions are strictly task-oriented, focusing on the preservation of data lineage and the classification of music assets. No instructions were found that attempt to override agent safety guidelines, reveal system prompts, or bypass platform constraints.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 03:06 PM