recoup-research-the-web

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and documentation in references/workflows.md describe using curl to interact with the vendor's API endpoints at api.recoupable.com. This is consistent with the skill's stated purpose of data retrieval.
  • [DATA_EXFILTRATION]: The skill transmits research parameters and entity identifiers to api.recoupable.com. These operations involve vendor-owned infrastructure and are necessary for the skill's functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted content from the open web, posing a theoretical risk of indirect prompt injection. Ingestion points: Data retrieved from web search and URL extraction endpoints (SKILL.md). Boundary markers: The agent is explicitly instructed to 'Verify citations' and 'distill to a sourced one-page dossier' (SKILL.md). Capability inventory: The skill performs shell commands via curl and writes data to the local research/ directory (references/workflows.md). Sanitization: There are no instructions for automated sanitization of ingested content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 03:07 AM