recoup-release-track-drop
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network requests to
api.recoupable.dev. This is the vendor's official research infrastructure, and the activity is consistent with the skill's purpose of tracking music releases. - [COMMAND_EXECUTION]: Documentation provides
curlcommand templates for inspecting API response shapes. These are intended for developer introspection and do not involve automated execution of untrusted remote code. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of external data.
- Ingestion points: Music release signals and metadata fetched from
api.recoupable.dev(SKILL.md). - Boundary markers: No explicit delimiters are used to wrap the ingested content.
- Capability inventory: The skill writes tracking data to the local workspace in the
releases/directory (SKILL.md). - Sanitization: No explicit sanitization or validation of the API data is defined before processing into the final summary.
Audit Metadata