The Agent Skills Directory

[DATA_EXPOSURE]: The skill makes network requests to itunes.apple.com, which is the official and trusted domain for the iTunes Search API. These requests are limited to fetching public music metadata and do not involve sensitive user data.- [PROMPT_INJECTION]: The skill ingests data from an external API, creating a surface for indirect prompt injection. However, the risk is negligible because the skill only extracts specific, non-executable metadata fields (like song titles and artist names) and does not possess capabilities like file system access or command execution that could be triggered by malicious content.

music-discovery