controlling-spotify
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The file scripts/install-mcp-server.sh clones a repository from https://github.com/marcelmarais/spotify-mcp-server.git. This repository is not associated with a trusted organization or repository list, posing a risk of malicious code injection.
- REMOTE_CODE_EXECUTION (HIGH): Following the repository clone, the install-mcp-server.sh script executes npm install and npm run build. This allows for arbitrary code execution from scripts contained within the downloaded untrusted package.
- COMMAND_EXECUTION (MEDIUM): The installer performs chmod +x on the built artifact build/index.js and executes a patching script apply-patch.js which modifies the cloned source code at runtime to inject environment variable handling.
- CREDENTIALS_UNSAFE (LOW): The skill provides a helper script scripts/get-refresh-token.js and a setup guide to facilitate the handling of Spotify Client IDs, Secrets, and Refresh Tokens. While functional, it requires users to handle sensitive OAuth2 credentials locally.
- INDIRECT PROMPT INJECTION (LOW): The skill ingests data from the Spotify API. If an attacker can control track or playlist metadata, it could theoretically be used to influence the agent's behavior. Ingestion: api.spotify.com. Capabilities: Playback and playlist modification. Boundary markers: None identified. Sanitization: None identified.
Recommendations
- AI detected serious security threats