recoup-research-the-web
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions and documentation in
references/workflows.mddescribe usingcurlto interact with the vendor's API endpoints atapi.recoupable.com. This is consistent with the skill's stated purpose of data retrieval. - [DATA_EXFILTRATION]: The skill transmits research parameters and entity identifiers to
api.recoupable.com. These operations involve vendor-owned infrastructure and are necessary for the skill's functionality. - [PROMPT_INJECTION]: The skill processes untrusted content from the open web, posing a theoretical risk of indirect prompt injection. Ingestion points: Data retrieved from web search and URL extraction endpoints (SKILL.md). Boundary markers: The agent is explicitly instructed to 'Verify citations' and 'distill to a sourced one-page dossier' (SKILL.md). Capability inventory: The skill performs shell commands via
curland writes data to the localresearch/directory (references/workflows.md). Sanitization: There are no instructions for automated sanitization of ingested content.
Audit Metadata