apple-music

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the system's osascript utility to perform operations in the Music application on macOS.
      • Evidence: The file src/applemusic_mcp/applescript.py constructs and executes AppleScript using subprocess.run(['osascript', '-e', script]). This is the core mechanism for playback control and local library management.
      • Mitigation: The implementation includes an _escape_for_applescript function in src/applemusic_mcp/applescript.py that escapes backslashes and double quotes in user-provided strings before they are interpolated into the script, reducing the risk of command injection.
  • [EXTERNAL_DOWNLOADS]: The skill connects to the official Apple MusicKit API to provide catalog search and discovery features.
      • Evidence: Functions in src/applemusic_mcp/auth.py and src/applemusic_mcp/server.py communicate with https://api.music.apple.com/v1. This targets a well-known service and is a documented feature of the skill.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted data that is used in system commands.
      • Ingestion points: User-provided parameters for track names, artist names, and playlist names across the tools defined in src/applemusic_mcp/server.py.
      • Boundary markers: Data is wrapped in double quotes within AppleScript templates.
      • Capability inventory: The skill can control media playback, manage playlists, and access library metadata through the Music application on macOS.
      • Sanitization: Basic character escaping (backslashes and quotes) is applied in src/applemusic_mcp/applescript.py to prevent string breakout during command construction.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files to manage authentication and configuration.
      • Evidence: src/applemusic_mcp/auth.py reads config.json and .p8 private keys from the ~/.config/applemusic-mcp/ directory. These files are necessary for the skill to authenticate with the Apple MusicKit API. This access is limited to the skill's own configuration directory.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 07:51 PM