sonoscli
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs a binary using the Go module github.com/steipete/sonoscli/cmd/sonos@latest. This repository belongs to a third-party developer not included in the 'Trusted GitHub Organizations' list, meaning the code being downloaded and executed has not been pre-verified for security.
- [COMMAND_EXECUTION] (LOW): The skill's primary function is to execute the sonos CLI tool. While the intended use (media control) is low risk, the tool requires network access to discover and communicate with speakers on the local network.
Audit Metadata