recoup-promo-graphic
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill implements a verification workflow in references/analyze-gate.md that instructs the agent to analyze visual outputs via an API before confirming completion to the user. This is a quality control mechanism designed to prevent the delivery of glitched or incorrect assets, rather than a malicious attempt to hide behavior.
- [DATA_EXFILTRATION]: Artist identifiers and metadata are retrieved from local workspace files (e.g., RECOUP.md) and sent to the vendor's official API (api.recoupable.com) to fetch research metrics and milestones. This is a functional requirement for generating data-driven promotional content and uses the author's own infrastructure.
- [COMMAND_EXECUTION]: The reference documentation describes the use of standard command-line tools such as curl, jq, sed, and ls. These are used appropriately to interact with REST APIs, parse JSON responses, and manage files within the artist's local workspace.
- [PROMPT_INJECTION]: The skill incorporates external data from research APIs (e.g., web summaries and milestones) into its generation process to ensure content is timely and accurate. 1. Ingestion points: references/research-context.md (fetches data from /api/research/web and /api/research/milestones). 2. Boundary markers: None explicitly defined in the provided instruction snippets for delimiting injected research data. 3. Capability inventory: The skill has the ability to generate images, videos, and captions via the Content API, and writes the resulting files to the local workspace. 4. Sanitization: Employs jq with URI encoding (@uri) for search queries to ensure safe API interaction.
- [SAFE]: No obfuscation, malicious persistence, or unauthorized privilege escalation patterns were detected. All external communications are directed to the vendor's documented API endpoints.
Audit Metadata