sonoscli
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automatically installs the 'sonos' CLI tool from github.com/steipete/sonoscli using the Go package manager. This involves downloading and building external code from a source not listed in the trusted vendors list.
- [COMMAND_EXECUTION]: The skill performs its functions by executing the installed 'sonos' binary, allowing the agent to run subprocesses on the host system to interact with network devices.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the local network via commands like 'sonos status' and 'sonos favorites list'. Ingestion points include track titles, playlist names, and device labels (SKILL.md). There are no boundary markers or sanitization steps documented to prevent the agent from interpreting instructions embedded in this external data. The agent retains full capability to execute local 'sonos' commands based on this input.
Audit Metadata