spotify-player
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill automates the installation of terminal-based Spotify clients 'spogo' (via the 'steipete/tap' Homebrew tap) and 'spotify_player'. These are well-known open-source tools for this purpose.\n- [COMMAND_EXECUTION]: The skill executes terminal commands to manage Spotify authentication and playback. This includes 'spogo auth import --browser chrome', which accesses browser cookies for authentication—a required step for the tool's intended functionality.\n- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. 1. Ingestion points: Music search queries (e.g., 'spogo search track "query"') defined in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Local CLI execution of 'spogo' and 'spotify_player' as documented in SKILL.md. 4. Sanitization: Not explicitly defined in the skill markdown.
Audit Metadata