recoup-release-track-drop

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill performs network requests to api.recoupable.dev. This is the vendor's official research infrastructure, and the activity is consistent with the skill's purpose of tracking music releases.
  • [COMMAND_EXECUTION]: Documentation provides curl command templates for inspecting API response shapes. These are intended for developer introspection and do not involve automated execution of untrusted remote code.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the ingestion of external data.
  • Ingestion points: Music release signals and metadata fetched from api.recoupable.dev (SKILL.md).
  • Boundary markers: No explicit delimiters are used to wrap the ingested content.
  • Capability inventory: The skill writes tracking data to the local workspace in the releases/ directory (SKILL.md).
  • Sanitization: No explicit sanitization or validation of the API data is defined before processing into the final summary.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 03:07 AM