recoup-platform-api-access

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Executes bash commands using curl to interact with the Recoup REST API at api.recoupable.dev. This includes both read operations (fetching artist data, social integrated data) and write operations (sending emails, executing connector actions).
  • [EXTERNAL_DOWNLOADS]: Retrieves technical documentation and OpenAPI specification files from docs.recoupable.dev. These downloads are used to dynamically discover API paths and parameter schemas for the platform's tools.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of data from external sources that could contain instructions, representing an indirect prompt injection surface.
  • Ingestion points: Data retrieved from the Recoup API and external connectors (e.g., contents of Google Docs, Gmail messages, TikTok metadata) processed through the GET /connectors/actions and research endpoints.
  • Boundary markers: The instructions do not define specific delimiters or instructions for the agent to ignore embedded commands in the retrieved data.
  • Capability inventory: Significant capabilities including sending emails via /api/emails, modifying Google Drive/Docs/Sheets files, and interacting with social media accounts (TikTok, Instagram) via POST /connectors/actions.
  • Sanitization: There is no evidence of sanitization or structural validation performed on the content retrieved from external connectors before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 12:56 AM