sonoscli
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation metadata specifies 'go install github.com/steipete/sonoscli/cmd/sonos@latest', which downloads and compiles code from a personal GitHub repository. This source is an unverified third-party and not a trusted organization or well-known service.- [COMMAND_EXECUTION]: The skill uses the 'sonos' binary to perform discovery and control operations on the local network. These operations involve executing subprocesses on the host environment.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from local network devices (such as speaker names, track titles, and playlist metadata) without explicit sanitization.
- Ingestion points: Files or tool outputs from 'sonos discover', 'sonos status', 'sonos queue list', and 'sonos favorites list'.
- Boundary markers: None provided in the instructions to the agent.
- Capability inventory: Subprocess execution of the 'sonos' tool on the host.
- Sanitization: No validation or escaping of the metadata retrieved from the speakers is performed before it is presented to the agent.
Audit Metadata