spotify-api
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection as it ingests untrusted data from the Spotify API which may contain malicious instructions embedded by an attacker (e.g., in a shared playlist name).
- Ingestion points: Data enters via
scripts/export_data.pyandscripts/test_credentials.pythrough API calls likeget_user_playlists,search_artists, andget_current_user. - Boundary markers: No explicit delimiters or boundary markers are used to separate API data from agent instructions.
- Capability inventory: The skill has network access and the capability to read/write Spotify data (create/modify playlists).
- Sanitization: No sanitization or filtering of external content for natural language instructions is performed.
- DATA_EXFILTRATION (LOW): The skill initiates network connections to
api.spotify.com. While necessary for its core purpose, this domain is outside the trusted whitelist. - DATA_EXFILTRATION (LOW): The
scripts/export_data.pyutility saves sensitive user information, including email, country, and private playlist details, to the local filesystem in unencrypted JSON files, increasing the local attack surface.
Audit Metadata