recoup-song-find-hook

Pass

Audited by Gen Agent Trust Hub on Jul 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill makes authenticated calls to 'api.recoupable.com' to process audio files. This is the primary function of the skill and uses the vendor's official infrastructure.
  • [COMMAND_EXECUTION]: Provides implementation examples using curl and the recoup CLI tool. These commands are documented for the agent to use when interacting with the vendor's API and do not exhibit malicious patterns or privilege escalation.
  • [CREDENTIALS_UNSAFE]: The documentation describes how to handle RECOUP_ACCESS_TOKEN and RECOUP_API_KEY. It correctly advises against hardcoding secrets, recommending the use of environment variables and providing instructions to the user if authentication is missing.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transmission. The skill requires a public audio_url to function, which is transmitted only to the designated vendor endpoint for processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 17, 2026, 03:07 AM