sonoscli
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the sonos CLI utility from a public repository (github.com/steipete/sonoscli) via the Go module system. This is an expected operation for a tool-based skill.
- [COMMAND_EXECUTION]: Subprocess execution is used to invoke the sonos binary for local network speaker discovery and media control. These operations are consistent with the skill's stated purpose.
- [SAFE]: No evidence of prompt injection, obfuscation, or hardcoded credentials was found. The use of environment variables for Spotify integration follows security best practices.
Audit Metadata