lastfm
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill communicates with the official Last.fm API endpoint (`ws.audioscrobbler.com`) to retrieve and update user music data. This is a well-known service and is the primary function of the skill.
- [COMMAND_EXECUTION]: The core logic in `scripts/lastfm-api.sh` uses the standard system utilities `curl` and `jq` to perform network requests and parse JSON data. The script includes appropriate error handling and uses `set -euo pipefail` for robustness.
- [PROMPT_INJECTION]: The skill processes untrusted data (such as track names and artist information) from the Last.fm API, which presents a surface for indirect prompt injection.
  - Ingestion points: API responses are parsed and formatted in `scripts/lastfm-api.sh` (e.g., in the `format_now_playing` and `format_recent` functions).
  - Boundary markers: No specific delimiters or "ignore instructions" warnings are applied to the fetched metadata before it is presented to the agent.
  - Capability inventory: The skill possesses network capabilities via `curl` and JSON processing via `jq`.
  - Sanitization: The skill correctly sanitizes user inputs (like artist and track names) using URL encoding via `jq` before they are included in API requests, preventing request-level injection.
Audit Metadata