Skills
skills/recoupable/skill-setup-sandbox/setup-sandbox/Gen Agent Trust Hub

setup-sandbox

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The skill relies on a custom CLI binary named 'recoup' to fetch organization and artist data. It also performs 'git' operations (commit and push). While necessary for its purpose, the presence of non-standard tooling is noted.
  • [PROMPT_INJECTION] (LOW): The skill exhibits an Indirect Prompt Injection surface (Category 8) by processing external data. Evidence Chain: 1. Ingestion points: JSON data from the 'recoup' CLI commands 'orgs list' and 'artists list'. 2. Boundary markers: Absent; the skill interpolates API values directly into the 'RECOUP.md' markdown template. 3. Capability inventory: The skill has file system write access ('mkdir', writing 'RECOUP.md') and network capability ('git push'). 4. Sanitization: No sanitization or escaping of the 'artistName' or 'artistSlug' fields is described before being written to disk.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 02:25 PM