recoup-roster-onboard

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external data in the form of user-supplied artist lists or CSV data, which is then passed to subagents for execution. This creates a potential surface for indirect prompt injection where malicious instructions could be embedded in the artist names.
  • Ingestion points: Step 3 in SKILL.md identifies that artist names are gathered from user-pasted lists or CSV files.
  • Boundary markers: The skill does not explicitly use delimiters for the artist names, but it does mandate a human-in-the-loop (HITL) confirmation step ('confirm the final list with the user before creating anything') which acts as a significant mitigation.
  • Capability inventory: The skill dispatches these names to the recoup-roster-add-artist subagent, which performs a chain of operations including API writes and catalog enrichment.
  • Sanitization: No explicit sanitization or filtering of the input strings is mentioned beyond the manual confirmation step.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 03:07 AM