hifi-download-skill
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The `run.sh` script executes Python files using a positional parameter (`scripts/$1.py`). This design lacks validation and could theoretically be exploited for path traversal or execution of unintended scripts if an agent handles unvalidated input.
- [CREDENTIALS_UNSAFE] (LOW): The `setup_config.py` script accepts sensitive information, including Qobuz passwords and Spotify secrets, as plaintext command-line arguments. This may result in credentials being stored in shell history or captured in agent execution logs.
- [DATA_EXFILTRATION] (LOW): The skill performs network operations to non-whitelisted domains such as Last.fm and Qobuz. Notably, communication with the Last.fm API (`http://ws.audioscrobbler.com`) is performed over unencrypted HTTP, exposing user metadata to potential interception.
- [INDIRECT_PROMPT_INJECTION] (LOW): An attack surface exists in `scripts/lastfm_taste.py`, which processes music metadata (artist and track names) from external APIs. Ingestion Point: `scripts/lastfm_taste.py`; Boundary Markers: Absent; Capability Inventory: `run.sh` (exec), `platform_download.py` (file-write); Sanitization: Absent. While unlikely to lead to execution, malicious metadata could be used to influence the agent's context.
Audit Metadata