controlling-spotify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly fetches and parses data from Spotify's public APIs and user-generated playlists (see searchSpotify/getPlaylistTracks in SKILL.md and the references/setup-guide.md) and also clones a public GitHub repo during install, and those fetched responses are used to select URIs and drive playback/playlist actions—so untrusted third-party content can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The installation script (scripts/install-mcp-server.sh) clones and builds the external repository https://github.com/marcelmarais/spotify-mcp-server.git at runtime, causing fetched remote code to be patched, built, and executed as a required MCP server dependency.