recoup-deal-ingest
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several local Python scripts to perform data processing tasks. Analysis of scripts like
normalize-royalty-statement.py,extract-pdf-statement.py, anddataroom-hygiene-scan.pyshows they perform deterministic transformations, regex-based scanning, and structured data validation. There are no instances of unsafe command construction, shell injection, or arbitrary code execution. - [EXTERNAL_DOWNLOADS]: The skill requires standard third-party Python libraries (
pdfplumber,openpyxl, and optionallyPyYAML) to handle PDF and Excel file formats. These are well-known, legitimate dependencies from the official Python Package Index (PyPI) and are appropriate for the skill's technical requirements. - [DATA_EXFILTRATION]: While the skill processes highly sensitive financial and legal data, all operations are confined to the local
deals/{deal-id}workspace. There are no network operations, hardcoded credentials, or external data transfer mechanisms identified in any of the scripts or instructions. - [PROMPT_INJECTION]: The instructions are strictly task-oriented, focusing on the preservation of data lineage and the classification of music assets. No instructions were found that attempt to override agent safety guidelines, reveal system prompts, or bypass platform constraints.
Audit Metadata