Skills
skills/netease/skills/netease-music-cli/Gen Agent Trust Hub

netease-music-cli

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill operates by executing the ncm-cli command-line tool and the mpv media player. These tools are used for their intended purpose of music playback and management.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by interpolating user-provided session summaries and search keywords into shell command arguments.
  • Ingestion points: User session summaries and search keywords are ingested and passed to the --userInput and --keyword flags in SKILL.md (Step 6).
  • Boundary markers: The instructions employ double quotes around arguments to provide basic delimitation.
  • Capability inventory: The agent can execute shell commands via the ncm-cli and mpv tools.
  • Sanitization: While Step 5 defines a safety check for harmful content categories using natural language prompts, there is no explicit instruction for the technical sanitization of shell metacharacters.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 23, 2026, 08:55 AM