Spotify Automation

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill is highly vulnerable to instructions embedded in Spotify catalog metadata, which could influence agent behavior.
      • Ingestion points: Metadata from SPOTIFY_SEARCH_FOR_ITEM, SPOTIFY_GET_PLAYLIST_ITEMS, and SPOTIFY_GET_PLAYLIST enters the agent context.
      • Boundary markers: There are no specified delimiters to isolate this untrusted content.
      • Capability inventory: The skill possesses powerful write/execute tools including SPOTIFY_CHANGE_PLAYLIST_DETAILS, SPOTIFY_ADD_ITEMS_TO_PLAYLIST, and SPOTIFY_START_RESUME_PLAYBACK (system/playback control).
      • Sanitization: No evidence of validation or sanitization of retrieved strings is provided.
  • [External Downloads] (MEDIUM): The skill depends on an external MCP server at https://rube.app/mcp, which is not a verified or trusted source.
  • [Data Exposure] (LOW): The SPOTIFY_GET_CURRENT_USER_S_PROFILE tool retrieves sensitive user PII such as email addresses, increasing the impact of a potential compromise.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 04:44 AM