recoup-lyric-video

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of shell utilities including curl, jq, ls, and sed to manage artist workspaces, parse JSON responses, and automate the video production pipeline.
  • [EXTERNAL_DOWNLOADS]: To source audio for video generation, the skill identifies logic for downloading content from YouTube (using yt-dlp) or fetching encoded binary files from remote sandbox repositories.
  • [DATA_EXFILTRATION]: The skill transmits artist identifiers, song metadata, and audio URLs to api.recoupable.com. As this is the vendor's primary API, this is expected behavior for providing the video synthesis service.
  • [PROMPT_INJECTION]: Automated detection flagged a quality control instruction in references/analyze-gate.md (advising the agent not to claim an asset is ready until it passes an inspection gate). Analysis confirms this is a benign quality assurance protocol and not a malicious attempt to conceal behavior from the user.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 03:21 AM