recoup-platform-build-workspace

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses mkdir -p to create a directory hierarchy (orgs/{slug}/artists/{slug}). This is a standard operation for workspace initialization and matches the skill's described purpose.
  • [DATA_EXPOSURE]: The skill accesses the $RECOUP_ACCESS_TOKEN environment variable for authentication. This is a recommended practice for handling sensitive credentials in development environments rather than hardcoding them.
  • [EXTERNAL_DOWNLOADS]: The skill makes GET requests to /api/organizations and /api/artists. These endpoints appear to be part of the vendor's own API infrastructure and are used to retrieve the data necessary for scaffolding the workspace.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration. The network operations are limited to authenticated API calls to the platform for which the skill is designed.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 11:34 PM