sonoscli
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the sonos utility from the github.com/steipete/sonoscli repository using the Go toolchain.
- [COMMAND_EXECUTION]: Executes shell commands via the sonos binary to manage speaker groups, playback, and volume.
- [PROMPT_INJECTION]: Processes metadata and status information from local speakers and the Spotify API.
- Ingestion points: Data enters the context via sonos discover, favorites list, and queue list commands.
- Boundary markers: None used to encapsulate network-retrieved data from agent instructions.
- Capability inventory: The skill has access to the sonos CLI for network operations.
- Sanitization: No validation or sanitization of retrieved metadata is performed before presentation.
Audit Metadata