hifi-download
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Categories: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Credentials Unsafe (LOW): The setup_config.py script accepts sensitive credentials (API keys, passwords) as command-line arguments. This practice can expose secrets in process lists or shell history. However, the skill provides a manual .env file alternative in the documentation, and the usage is restricted to an initial configuration phase.
- Prompt Injection (LOW): The skill ingests track, artist, and album names from external APIs which could be used as a vector for indirect prompt injection if the upstream data source is manipulated.
  - Ingestion points: API responses in scripts/lib/spotify.py and scripts/lib/lastfm.py.
  - Boundary markers: No specific delimiters or boundary markers are used when processing metadata strings.
  - Capability inventory: Includes subprocess spawning in scripts/platform_download.py and shell script execution via run.sh.
  - Sanitization: Metadata is returned in structured JSON format but lacks filtering for natural language instructions.
- Command Execution (SAFE): The skill manages background workers and environment setup using standard subprocess calls and shell script wrappers. These implementations use absolute paths, sys.executable, and current directory context, which are standard practices for local CLI tools.
Audit Metadata