spotify-player
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration includes the installation of the 'spogo' binary via a third-party Homebrew tap ('steipete/tap'). While 'spogo' is a known utility, this source is not part of the core trusted repository list.
- [COMMAND_EXECUTION]: The skill executes external command-line tools ('spogo' and 'spotify_player') to manage music. This includes a specific setup command ('spogo auth import --browser chrome') that accesses sensitive browser session data to authenticate with Spotify.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface through the ingestion of external track metadata. 1. Ingestion points: Track titles, artist names, and search results retrieved from the Spotify API (SKILL.md). 2. Boundary markers: No delimiters or specific safety instructions are present to prevent the agent from obeying instructions embedded in music metadata. 3. Capability inventory: The skill utilizes subprocess execution of CLI binaries. 4. Sanitization: No sanitization of API-returned strings is performed before the data is integrated into the agent's workflow.
Audit Metadata