Skills
skills/insight68/skills/sonoscli/Gen Agent Trust Hub

sonoscli

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata includes an installation step that fetches and installs a Go module from a third-party repository (github.com/steipete/sonoscli/cmd/sonos@latest). This source is not associated with the skill author ('insight68') or any pre-approved trusted organizations, representing a supply chain risk.
  • [COMMAND_EXECUTION]: The skill is designed to execute the sonos binary on the host system to discover, control, and query speakers on the local network.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection. User-provided strings for speaker names or search queries are interpolated into shell commands (e.g., sonos status --name "{user_input}"). This could be exploited to perform command injection if the agent does not properly escape the inputs.
  • Ingestion points: SKILL.md (user-supplied speaker names and search queries)
  • Boundary markers: Absent
  • Capability inventory: Subprocess execution of the sonos CLI tool
  • Sanitization: Absent
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 28, 2026, 08:21 PM