recoup-platform-api-access
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: Executes bash commands using
curlto interact with the Recoup REST API atapi.recoupable.dev. This includes both read operations (fetching artist data, social integrated data) and write operations (sending emails, executing connector actions). - [EXTERNAL_DOWNLOADS]: Retrieves technical documentation and OpenAPI specification files from
docs.recoupable.dev. These downloads are used to dynamically discover API paths and parameter schemas for the platform's tools. - [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external sources that could contain instructions, representing an indirect prompt injection surface.
- Ingestion points: Data retrieved from the Recoup API and external connectors (e.g., contents of Google Docs, Gmail messages, TikTok metadata) processed through the
GET /connectors/actionsand research endpoints. - Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore embedded commands in the retrieved data.
- Capability inventory: Significant capabilities including sending emails via
/api/emails, modifying Google Drive/Docs/Sheets files, and interacting with social media accounts (TikTok, Instagram) viaPOST /connectors/actions. - Sanitization: There is no evidence of sanitization or structural validation performed on the content retrieved from external connectors before it is processed by the agent.
Audit Metadata