recoup-song-find-hook
Pass
Audited by Gen Agent Trust Hub on Jul 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes authenticated calls to 'api.recoupable.com' to process audio files. This is the primary function of the skill and uses the vendor's official infrastructure.
- [COMMAND_EXECUTION]: Provides implementation examples using
curland therecoupCLI tool. These commands are documented for the agent to use when interacting with the vendor's API and do not exhibit malicious patterns or privilege escalation. - [CREDENTIALS_UNSAFE]: The documentation describes how to handle
RECOUP_ACCESS_TOKENandRECOUP_API_KEY. It correctly advises against hardcoding secrets, recommending the use of environment variables and providing instructions to the user if authentication is missing. - [DATA_EXFILTRATION]: No evidence of unauthorized data transmission. The skill requires a public
audio_urlto function, which is transmitted only to the designated vendor endpoint for processing.
Audit Metadata